diff options
384 files changed, 33211 insertions, 4193 deletions
@@ -38,6 +38,7 @@ grammar.[ch] grammar.output tokens.[ch] ylwrap +lex.backup # i18n gettext.h @@ -71,11 +72,14 @@ src/chrysalide src/chrysalide-hub src/rost tools/d2c/d2c +tools/fuzzing/rost/fast-rost tools/yara2rost/yara2rost + # Misc plugins/python/androperms/androperms.db system/pkgconfig/chrysalide.pc +tools/fuzzing/rost/rost.dict # Themes *.ctm diff --git a/configure.ac b/configure.ac index 9de9abd..cfb94bd 100644 --- a/configure.ac +++ b/configure.ac @@ -541,6 +541,20 @@ if test "x$enable_magic_support" = "xyes"; then fi +#--- Checks for Hyperscan + +PKG_CHECK_MODULES(LIBHS,libhs >= 5.4.9,[libhs_found=yes],[libhs_found=no]) + +if test "$libhs_found" = "yes"; then + libhs_version=`pkg-config libhs --modversion` +else + libhs_version='-' +fi + +AC_SUBST(LIBHS_CFLAGS) +AC_SUBST(LIBHS_LIBS) + + #--- Checks for Python if test "x$enable_debug" = "xyes"; then @@ -630,6 +644,12 @@ AC_CONFIG_FILES([Makefile doc/Makefile pixmaps/Makefile plugins/Makefile + plugins/apihashing/Makefile + plugins/apihashing/classics/Makefile + plugins/apihashing/custom/Makefile + plugins/apihashing/python/Makefile + plugins/apihashing/python/classics/Makefile + plugins/apihashing/python/custom/Makefile plugins/arm/Makefile plugins/arm/python/Makefile plugins/arm/python/v7/Makefile @@ -659,6 +679,10 @@ AC_CONFIG_FILES([Makefile plugins/dwarf/v2/Makefile plugins/dwarf/v3/Makefile plugins/dwarf/v4/Makefile + plugins/encodings/Makefile + plugins/encodings/python/Makefile + plugins/encodings/python/rost/Makefile + plugins/encodings/rost/Makefile plugins/elf/Makefile plugins/elf/python/Makefile plugins/fmtp/Makefile @@ -672,9 +696,11 @@ AC_CONFIG_FILES([Makefile plugins/kaitai/Makefile plugins/kaitai/parsers/Makefile plugins/kaitai/records/Makefile + plugins/kaitai/rost/Makefile plugins/kaitai/python/Makefile plugins/kaitai/python/parsers/Makefile plugins/kaitai/python/records/Makefile + plugins/kaitai/python/rost/Makefile plugins/libcsem/Makefile plugins/lnxsyscalls/Makefile plugins/mobicore/Makefile @@ -687,6 +713,7 @@ AC_CONFIG_FILES([Makefile plugins/pychrysalide/analysis/db/items/Makefile plugins/pychrysalide/analysis/disass/Makefile plugins/pychrysalide/analysis/scan/Makefile + plugins/pychrysalide/analysis/scan/exprs/Makefile plugins/pychrysalide/analysis/scan/patterns/Makefile plugins/pychrysalide/analysis/scan/patterns/backends/Makefile plugins/pychrysalide/analysis/scan/patterns/modifiers/Makefile @@ -778,6 +805,7 @@ AC_CONFIG_FILES([Makefile tools/d2c/id/Makefile tools/d2c/pattern/Makefile tools/d2c/rules/Makefile + tools/fuzzing/rost/Makefile tools/yara2rost/Makefile system/Makefile system/desktop/Makefile @@ -808,6 +836,7 @@ echo The cryptography and SSL/TLS toolkit......... : $libssl_version echo The client URL library....................... : $libcurl_version echo The YAML support library..................... : $libyaml_version echo The magic number recognition library......... : $libmagic_version +echo The high-performance matching library........ : $libhs_version echo echo Available Python programming language........ : $python3_version diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 7ce4229..1cda6e0 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -28,8 +28,10 @@ SUBDIRS = \ mobicore \ pe \ yaml \ + apihashing \ bhash \ dalvik \ + encodings \ libcsem \ lnxsyscalls \ readdex \ diff --git a/plugins/apihashing/Makefile.am b/plugins/apihashing/Makefile.am new file mode 100644 index 0000000..d73f8b0 --- /dev/null +++ b/plugins/apihashing/Makefile.am @@ -0,0 +1,65 @@ + +lib_LTLIBRARIES = libapihashing.la + +libdir = $(pluginslibdir) + + +if BUILD_PYTHON_PACKAGE + +RUN_PATH = -Wl,-rpath,'$$ORIGIN/../chrysalide-libs:$$ORIGIN' + +else + +RUN_PATH = -Wl,-rpath,'$$ORIGIN' + +endif + +if BUILD_PYTHON3_BINDINGS + +PYTHON3_LIBADD = python/libapihashingpython.la + +if BUILD_DISCARD_LOCAL + +if BUILD_PYTHON_PACKAGE +PYTHON3_RUN_PATH = -Wl,-rpath,'$$ORIGIN/..' +else +PYTHON3_RUN_PATH = -Wl,-rpath,'$$ORIGIN' +endif + +else + +PYTHON3_RUN_PATH = -Wl,-rpath,$(abs_top_srcdir)/plugins/pychrysalide/.libs + +endif + +PYTHON3_LDFLAGS = $(PYTHON3_RUN_PATH) -L$(top_srcdir)/plugins/pychrysalide/.libs -l:pychrysalide.so + +PYTHON3_SUBDIRS = python + +endif + + +libapihashing_la_SOURCES = \ + apihash.h apihash.c \ + core.h core.c + +libapihashing_la_LIBADD = \ + $(PYTHON3_LIBADD) \ + classics/libapihashingclassics.la \ + custom/libapihashingcustom.la + +libapihashing_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +libapihashing_la_LDFLAGS = \ + -avoid-version \ + -L$(top_srcdir)/src/.libs -lchrysacore \ + -L$(top_srcdir)/plugins/pe/.libs -lpe \ + $(RUN_PATH) $(PYTHON3_LDFLAGS) + + +devdir = $(includedir)/chrysalide/$(subdir) + +dev_HEADERS = $(libapihashing_la_SOURCES:%c=) + + +SUBDIRS = $(PYTHON3_SUBDIRS) classics custom diff --git a/plugins/apihashing/apihash.c b/plugins/apihashing/apihash.c new file mode 100644 index 0000000..3313073 --- /dev/null +++ b/plugins/apihashing/apihash.c @@ -0,0 +1,134 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * apihash.c - détermination d'API par empreinte de fonction + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "apihash.h" + + +#include <analysis/scan/patterns/modifier-int.h> + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes d'API. */ +static void g_api_hash_modifier_class_init(GApiHashModifierClass *klass); + +/* Initialise une instance de transmission en empreinte d'API. */ +static void g_api_hash_modifier_init(GApiHashModifier *); + +/* Supprime toutes les références externes. */ +static void g_api_hash_modifier_dispose(GApiHashModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_api_hash_modifier_finalize(GApiHashModifier *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte d'API. */ +G_DEFINE_TYPE(GApiHashModifier, g_api_hash_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes d'API. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_api_hash_modifier_class_init(GApiHashModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_api_hash_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_api_hash_modifier_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte d'API. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_api_hash_modifier_init(GApiHashModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_api_hash_modifier_dispose(GApiHashModifier *modifier) +{ + G_OBJECT_CLASS(g_api_hash_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_api_hash_modifier_finalize(GApiHashModifier *modifier) +{ + G_OBJECT_CLASS(g_api_hash_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} diff --git a/plugins/apihashing/apihash.h b/plugins/apihashing/apihash.h new file mode 100644 index 0000000..cfc3365 --- /dev/null +++ b/plugins/apihashing/apihash.h @@ -0,0 +1,55 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * apihash.h - prototypes pour la détermination d'API par empreinte de fonction + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_APIHASH_H +#define _PLUGINS_APIHASHING_APIHASH_H + + +#include <glib-object.h> + + +#include <analysis/scan/patterns/modifier.h> + + + +#define G_TYPE_API_HASH_MODIFIER g_api_hash_modifier_get_type() +#define G_API_HASH_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_API_HASH_MODIFIER, GApiHashModifier)) +#define G_IS_API_HASH_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_API_HASH_MODIFIER)) +#define G_API_HASH_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_API_HASH_MODIFIER, GApiHashModifierClass)) +#define G_IS_API_HASH_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_API_HASH_MODIFIER)) +#define G_API_HASH_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_API_HASH_MODIFIER, GApiHashModifierClass)) + + +/* Transormation en empreinte d'API (instance) */ +typedef GScanTokenModifier GApiHashModifier; + +/* Transormation en empreinte d'API (classe) */ +typedef GScanTokenModifierClass GApiHashModifierClass; + + +/* Indique le type défini pour une transormation en empreinte d'API. */ +GType g_api_hash_modifier_get_type(void); + + + +#endif /* _PLUGINS_APIHASHING_APIHASH_H */ diff --git a/plugins/apihashing/classics/Makefile.am b/plugins/apihashing/classics/Makefile.am new file mode 100644 index 0000000..9f97b47 --- /dev/null +++ b/plugins/apihashing/classics/Makefile.am @@ -0,0 +1,14 @@ + +noinst_LTLIBRARIES = libapihashingclassics.la + +libapihashingclassics_la_SOURCES = \ + crc32.h crc32.c \ + djb2.h djb2.c \ + ror13.h ror13.c + +libapihashingclassics_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libapihashingclassics_la_SOURCES:%c=) diff --git a/plugins/apihashing/classics/crc32.c b/plugins/apihashing/classics/crc32.c new file mode 100644 index 0000000..98f9a6b --- /dev/null +++ b/plugins/apihashing/classics/crc32.c @@ -0,0 +1,332 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * crc32.c - transormation en empreinte d'API crc32 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "crc32.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes crc32. */ +static void g_scan_crc32_modifier_class_init(GScanCrc32ModifierClass *klass); + +/* Initialise une instance de transmission en empreinte crc32. */ +static void g_scan_crc32_modifier_init(GScanCrc32Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_crc32_modifier_dispose(GScanCrc32Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_crc32_modifier_finalize(GScanCrc32Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_crc32_modifier_get_name(const GScanCrc32Modifier *); + +/* Calcule l'empreinte crc32 d'un motif de recherche. */ +static uint32_t compute_crc32(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_crc32_modifier_transform(const GScanCrc32Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_crc32_modifier_get_path(const GScanCrc32Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en encodage Crc32. */ +G_DEFINE_TYPE(GScanCrc32Modifier, g_scan_crc32_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes crc32. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_crc32_modifier_class_init(GScanCrc32ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_crc32_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_crc32_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_crc32_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_crc32_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_crc32_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte crc32. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_crc32_modifier_init(GScanCrc32Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_crc32_modifier_dispose(GScanCrc32Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_crc32_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_crc32_modifier_finalize(GScanCrc32Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_crc32_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes crc32. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_crc32_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_CRC32_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_crc32_modifier_get_name(const GScanCrc32Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("crc32"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte crc32 d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_crc32(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours #1 */ + size_t k; /* Boucle de parcours #2 */ + + result = 0xffffffff; + + for (i = 0; i < src->len; i++) + { + result ^= src->data[i]; + + for (k = 0; k < 8; k++) + result = result & 1 ? (result >> 1) ^ 0xedb88320 : result >> 1; + + } + + result = ~result; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_crc32_modifier_transform(const GScanCrc32Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_crc32(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_crc32_modifier_get_path(const GScanCrc32Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("crc32"); + + return result; + +} diff --git a/plugins/apihashing/classics/crc32.h b/plugins/apihashing/classics/crc32.h new file mode 100644 index 0000000..0198c5d --- /dev/null +++ b/plugins/apihashing/classics/crc32.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * crc32.h - prototypes pour la transormation en empreinte d'API crc32 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CLASSICS_CRC32_H +#define _PLUGINS_APIHASHING_CLASSICS_CRC32_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_CRC32_MODIFIER g_scan_crc32_modifier_get_type() +#define G_SCAN_CRC32_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_CRC32_MODIFIER, GScanCrc32Modifier)) +#define G_IS_SCAN_CRC32_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_CRC32_MODIFIER)) +#define G_SCAN_CRC32_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_CRC32_MODIFIER, GScanCrc32ModifierClass)) +#define G_IS_SCAN_CRC32_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_CRC32_MODIFIER)) +#define G_SCAN_CRC32_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_CRC32_MODIFIER, GScanCrc32ModifierClass)) + + +/* Transormation en empreinte d'API crc32 (instance) */ +typedef GApiHashModifier GScanCrc32Modifier; + +/* Transormation en empreinte d'API crc32 (classe) */ +typedef GApiHashModifierClass GScanCrc32ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte crc32. */ +GType g_scan_crc32_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes crc32. */ +GScanTokenModifier *g_scan_crc32_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CLASSICS_CRC32_H */ diff --git a/plugins/apihashing/classics/djb2.c b/plugins/apihashing/classics/djb2.c new file mode 100644 index 0000000..524218f --- /dev/null +++ b/plugins/apihashing/classics/djb2.c @@ -0,0 +1,323 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * djb2.c - transormation en empreinte d'API djb2 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "djb2.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes djb2. */ +static void g_scan_djb2_modifier_class_init(GScanDjb2ModifierClass *klass); + +/* Initialise une instance de transmission en empreinte djb2. */ +static void g_scan_djb2_modifier_init(GScanDjb2Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_djb2_modifier_dispose(GScanDjb2Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_djb2_modifier_finalize(GScanDjb2Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_djb2_modifier_get_name(const GScanDjb2Modifier *); + +/* Calcule l'empreinte djb2 d'un motif de recherche. */ +static uint32_t compute_djb2(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_djb2_modifier_transform(const GScanDjb2Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_djb2_modifier_get_path(const GScanDjb2Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en encodage Djb2. */ +G_DEFINE_TYPE(GScanDjb2Modifier, g_scan_djb2_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes djb2. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_djb2_modifier_class_init(GScanDjb2ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_djb2_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_djb2_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_djb2_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_djb2_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_djb2_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte djb2. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_djb2_modifier_init(GScanDjb2Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_djb2_modifier_dispose(GScanDjb2Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_djb2_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_djb2_modifier_finalize(GScanDjb2Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_djb2_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes djb2. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_djb2_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_DJB2_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_djb2_modifier_get_name(const GScanDjb2Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("djb2"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte djb2 d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_djb2(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0x1505; /* 5381 */ + + for (i = 0; i < src->len; i++) + result = ((result << 5) + result) + src->data[i]; /* hash * 33 + c */ + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_djb2_modifier_transform(const GScanDjb2Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_djb2(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_djb2_modifier_get_path(const GScanDjb2Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("djb2"); + + return result; + +} diff --git a/plugins/apihashing/classics/djb2.h b/plugins/apihashing/classics/djb2.h new file mode 100644 index 0000000..04df1df --- /dev/null +++ b/plugins/apihashing/classics/djb2.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * djb2.h - prototypes pour la transormation en empreinte d'API djb2 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CLASSICS_DJB2_H +#define _PLUGINS_APIHASHING_CLASSICS_DJB2_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_DJB2_MODIFIER g_scan_djb2_modifier_get_type() +#define G_SCAN_DJB2_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_DJB2_MODIFIER, GScanDjb2Modifier)) +#define G_IS_SCAN_DJB2_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_DJB2_MODIFIER)) +#define G_SCAN_DJB2_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_DJB2_MODIFIER, GScanDjb2ModifierClass)) +#define G_IS_SCAN_DJB2_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_DJB2_MODIFIER)) +#define G_SCAN_DJB2_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_DJB2_MODIFIER, GScanDjb2ModifierClass)) + + +/* Transormation en empreinte d'API DJB2 (instance) */ +typedef GApiHashModifier GScanDjb2Modifier; + +/* Transormation en empreinte d'API DJB2 (classe) */ +typedef GApiHashModifierClass GScanDjb2ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte djb2. */ +GType g_scan_djb2_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes djb2. */ +GScanTokenModifier *g_scan_djb2_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CLASSICS_DJB2_H */ diff --git a/plugins/apihashing/classics/ror13.c b/plugins/apihashing/classics/ror13.c new file mode 100644 index 0000000..e557804 --- /dev/null +++ b/plugins/apihashing/classics/ror13.c @@ -0,0 +1,323 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ror13.c - transormation en empreinte d'API ror13 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "ror13.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes ror13. */ +static void g_scan_ror13_modifier_class_init(GScanRor13ModifierClass *klass); + +/* Initialise une instance de transmission en empreinte ror13. */ +static void g_scan_ror13_modifier_init(GScanRor13Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_ror13_modifier_dispose(GScanRor13Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_ror13_modifier_finalize(GScanRor13Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_ror13_modifier_get_name(const GScanRor13Modifier *); + +/* Calcule l'empreinte ror13 d'un motif de recherche. */ +static uint32_t compute_ror13(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_ror13_modifier_transform(const GScanRor13Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_ror13_modifier_get_path(const GScanRor13Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte ror13. */ +G_DEFINE_TYPE(GScanRor13Modifier, g_scan_ror13_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes ror13. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_ror13_modifier_class_init(GScanRor13ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_ror13_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_ror13_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_ror13_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_ror13_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_ror13_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte ror13. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_ror13_modifier_init(GScanRor13Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_ror13_modifier_dispose(GScanRor13Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_ror13_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_ror13_modifier_finalize(GScanRor13Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_ror13_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes ror13. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_ror13_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_ROR13_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_ror13_modifier_get_name(const GScanRor13Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("ror13"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte ror13 d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_ror13(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0; + + for (i = 0; i < src->len; i++) + result = src->data[i] + ((result << 19) | (result >> 13)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_ror13_modifier_transform(const GScanRor13Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_ror13(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_ror13_modifier_get_path(const GScanRor13Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("ror13"); + + return result; + +} diff --git a/plugins/apihashing/classics/ror13.h b/plugins/apihashing/classics/ror13.h new file mode 100644 index 0000000..43480bd --- /dev/null +++ b/plugins/apihashing/classics/ror13.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ror13.h - prototypes pour la transormation en empreinte d'API ror13 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CLASSICS_ROR13_H +#define _PLUGINS_APIHASHING_CLASSICS_ROR13_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_ROR13_MODIFIER g_scan_ror13_modifier_get_type() +#define G_SCAN_ROR13_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_ROR13_MODIFIER, GScanRor13Modifier)) +#define G_IS_SCAN_ROR13_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_ROR13_MODIFIER)) +#define G_SCAN_ROR13_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_ROR13_MODIFIER, GScanRor13ModifierClass)) +#define G_IS_SCAN_ROR13_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_ROR13_MODIFIER)) +#define G_SCAN_ROR13_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_ROR13_MODIFIER, GScanRor13ModifierClass)) + + +/* Transormation en empreinte d'API ror13 (instance) */ +typedef GApiHashModifier GScanRor13Modifier; + +/* Transormation en empreinte d'API ror13 (classe) */ +typedef GApiHashModifierClass GScanRor13ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte ror13. */ +GType g_scan_ror13_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes ror13. */ +GScanTokenModifier *g_scan_ror13_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CLASSICS_ROR13_H */ diff --git a/plugins/apihashing/core.c b/plugins/apihashing/core.c new file mode 100644 index 0000000..a74a637 --- /dev/null +++ b/plugins/apihashing/core.c @@ -0,0 +1,110 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.c - prototypes pour le calcul d'encodages + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "core.h" + + +#include <analysis/scan/core.h> +#include <plugins/self.h> + + +#ifdef INCLUDE_PYTHON3_BINDINGS +# include "python/module.h" +# include "python/classics/module.h" +#endif +#include "classics/crc32.h" +#include "classics/djb2.h" +#include "classics/ror13.h" +#include "custom/add1505-shl5.h" +#include "custom/enigma-murmur.h" +#include "custom/imul21-add.h" +#include "custom/imul83-add.h" +#include "custom/sll1-add-hash32.h" +#include "custom/sub-index1.h" +#include "custom/sub42.h" + + +#ifdef INCLUDE_PYTHON3_BINDINGS_ +# define PG_REQ RL("PyChrysalide") +#else +# define PG_REQ NO_REQ +#endif + + + +DEFINE_CHRYSALIDE_PLUGIN("ApiHashing", "API hash computing as ROST modifiers", + PACKAGE_VERSION, CHRYSALIDE_WEBSITE("doc/formats"), + PG_REQ, AL(PGA_PLUGIN_INIT)); + + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* * +* Description : Prend acte du chargement du greffon. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) +{ + bool result; /* Bilan à retourner */ + + result = true; + +#define REGISTER_SCAN_MODIFIER(m) \ + ({ \ + GScanTokenModifier *__mod; \ + bool __status; \ + __mod = m; \ + __status = register_scan_token_modifier(__mod); \ + g_object_unref(G_OBJECT(__mod)); \ + __status; \ + }) + + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_crc32_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_djb2_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_ror13_modifier_new()); + + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_add1505_shl5_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_enigma_murmur_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_imul21_add_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_imul83_add_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_sll1_add_hash32_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_sub42_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_sub_index1_modifier_new()); + +#ifdef INCLUDE_PYTHON3_BINDINGS + + if (result) result = add_apihashing_module_to_python_module(); + if (result) result = register_apihashing_classics_modifiers(); + +#endif + + return result; + +} diff --git a/plugins/apihashing/core.h b/plugins/apihashing/core.h new file mode 100644 index 0000000..75a6e73 --- /dev/null +++ b/plugins/apihashing/core.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.h - prototypes pour le calcul d'encodages + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_ENCODINGS_CORE_H +#define _PLUGINS_ENCODINGS_CORE_H + + +#include <plugins/plugin.h> +#include <plugins/plugin-int.h> + + + +/* Prend acte du chargement du greffon. */ +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *); + + + +#endif /* _PLUGINS_ENCODINGS_CORE_H */ diff --git a/plugins/apihashing/custom/Makefile.am b/plugins/apihashing/custom/Makefile.am new file mode 100644 index 0000000..026addc --- /dev/null +++ b/plugins/apihashing/custom/Makefile.am @@ -0,0 +1,18 @@ + +noinst_LTLIBRARIES = libapihashingcustom.la + +libapihashingcustom_la_SOURCES = \ + add1505-shl5.h add1505-shl5.c \ + enigma-murmur.h enigma-murmur.c \ + imul21-add.h imul21-add.c \ + imul83-add.h imul83-add.c \ + sll1-add-hash32.h sll1-add-hash32.c \ + sub-index1.h sub-index1.c \ + sub42.h sub42.c + +libapihashingcustom_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libapihashingcustom_la_SOURCES:%c=) diff --git a/plugins/apihashing/custom/add1505-shl5.c b/plugins/apihashing/custom/add1505-shl5.c new file mode 100644 index 0000000..db96cf1 --- /dev/null +++ b/plugins/apihashing/custom/add1505-shl5.c @@ -0,0 +1,325 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * add1505-shl5.c - transormation en empreinte d'API add1505-shl5 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "add1505-shl5.h" + + +#include <malloc.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes add1505-shl5. */ +static void g_scan_add1505_shl5_modifier_class_init(GScanAdd1505Shl5ModifierClass *); + +/* Initialise une instance de transmission en empreinte add1505-shl5. */ +static void g_scan_add1505_shl5_modifier_init(GScanAdd1505Shl5Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_add1505_shl5_modifier_dispose(GScanAdd1505Shl5Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_add1505_shl5_modifier_finalize(GScanAdd1505Shl5Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_add1505_shl5_modifier_get_name(const GScanAdd1505Shl5Modifier *); + +/* Calcule l'empreinte add1505-shl5 d'un motif de recherche. */ +static uint32_t compute_add1505_shl5_hash32(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_add1505_shl5_modifier_transform(const GScanAdd1505Shl5Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_add1505_shl5_modifier_get_path(const GScanAdd1505Shl5Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte add1505-shl5. */ +G_DEFINE_TYPE(GScanAdd1505Shl5Modifier, g_scan_add1505_shl5_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes add1505-shl5. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_add1505_shl5_modifier_class_init(GScanAdd1505Shl5ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_add1505_shl5_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_add1505_shl5_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_add1505_shl5_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_add1505_shl5_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_add1505_shl5_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte add1505-shl5. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_add1505_shl5_modifier_init(GScanAdd1505Shl5Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_add1505_shl5_modifier_dispose(GScanAdd1505Shl5Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_add1505_shl5_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_add1505_shl5_modifier_finalize(GScanAdd1505Shl5Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_add1505_shl5_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes add1505-shl5. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_add1505_shl5_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_ADD1505_SHL5_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_add1505_shl5_modifier_get_name(const GScanAdd1505Shl5Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("add1505-shl5"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte add1505-shl5 d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_add1505_shl5_hash32(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0x1505; + + for (i = 0; i < src->len; i++) + { + result += (result << 5); + result += src->data[i]; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_add1505_shl5_modifier_transform(const GScanAdd1505Shl5Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_add1505_shl5_hash32(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_add1505_shl5_modifier_get_path(const GScanAdd1505Shl5Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("add1505-shl5"); + + return result; + +} diff --git a/plugins/apihashing/custom/add1505-shl5.h b/plugins/apihashing/custom/add1505-shl5.h new file mode 100644 index 0000000..5e71987 --- /dev/null +++ b/plugins/apihashing/custom/add1505-shl5.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * add1505-shl5.h - prototypes pour la transormation en empreinte d'API add1505-shl5 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_ADD1505_SHL5_H +#define _PLUGINS_APIHASHING_CUSTOM_ADD1505_SHL5_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_ADD1505_SHL5_MODIFIER g_scan_add1505_shl5_modifier_get_type() +#define G_SCAN_ADD1505_SHL5_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_ADD1505_SHL5_MODIFIER, GScanAdd1505Shl5Modifier)) +#define G_IS_SCAN_ADD1505_SHL5_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_ADD1505_SHL5_MODIFIER)) +#define G_SCAN_ADD1505_SHL5_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_ADD1505_SHL5_MODIFIER, GScanAdd1505Shl5ModifierClass)) +#define G_IS_SCAN_ADD1505_SHL5_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_ADD1505_SHL5_MODIFIER)) +#define G_SCAN_ADD1505_SHL5_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_ADD1505_SHL5_MODIFIER, GScanAdd1505Shl5ModifierClass)) + + +/* Transormation en empreinte d'API add1505-shl5 (instance) */ +typedef GApiHashModifier GScanAdd1505Shl5Modifier; + +/* Transormation en empreinte d'API add1505-shl5 (classe) */ +typedef GApiHashModifierClass GScanAdd1505Shl5ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte add1505-shl5. */ +GType g_scan_add1505_shl5_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes add1505-shl5. */ +GScanTokenModifier *g_scan_add1505_shl5_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_ADD1505_SHL5_H */ diff --git a/plugins/apihashing/custom/enigma-murmur.c b/plugins/apihashing/custom/enigma-murmur.c new file mode 100644 index 0000000..cdc35b0 --- /dev/null +++ b/plugins/apihashing/custom/enigma-murmur.c @@ -0,0 +1,377 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * enigma-murmur.c - transormation en empreinte d'API enigma-murmur + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "enigma-murmur.h" + + +#include <malloc.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des empreintes enigma-murmur. */ +static void g_scan_enigma_murmur_modifier_class_init(GScanEnigmaMurmurModifierClass *); + +/* Initialise une instance d'empreinte enigma-murmur. */ +static void g_scan_enigma_murmur_modifier_init(GScanEnigmaMurmurModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_enigma_murmur_modifier_dispose(GScanEnigmaMurmurModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_enigma_murmur_modifier_finalize(GScanEnigmaMurmurModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_enigma_murmur_modifier_get_name(const GScanEnigmaMurmurModifier *); + +/* Calcule l'empreinte enigma-murmur d'un motif de recherche. */ +static uint32_t compute_enigma_murmur_hash32(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_enigma_murmur_modifier_transform(const GScanEnigmaMurmurModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_enigma_murmur_modifier_get_path(const GScanEnigmaMurmurModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte enigma-murmur. */ +G_DEFINE_TYPE(GScanEnigmaMurmurModifier, g_scan_enigma_murmur_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des empreintes enigma-murmur. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_enigma_murmur_modifier_class_init(GScanEnigmaMurmurModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_enigma_murmur_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_enigma_murmur_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_enigma_murmur_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_enigma_murmur_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_enigma_murmur_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance d'empreinte enigma-murmur. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_enigma_murmur_modifier_init(GScanEnigmaMurmurModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_enigma_murmur_modifier_dispose(GScanEnigmaMurmurModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_enigma_murmur_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_enigma_murmur_modifier_finalize(GScanEnigmaMurmurModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_enigma_murmur_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur pour des empreintes enigma-murmur. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_enigma_murmur_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_enigma_murmur_modifier_get_name(const GScanEnigmaMurmurModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("enigma-murmur"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte enigma-murmur d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_enigma_murmur_hash32(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t blk_count; /* Nombre de blocs présents */ + size_t i; /* Boucle de parcours */ + uint32_t k; /* Valeur pour un bloc */ + const bin_t *tail; /* Fragement de bloc final */ + + result = 0x4a03bdfa; + + /* Traitement par blocs de 4 octets */ + + blk_count = src->len / 4; + + for (i = 0; i < blk_count; i++) + { + k = ((uint32_t *)src->data)[i]; + + k *= 0xcc9e2d51; + k = (k << 15) | (k >> 17); + k *= 0x1b873593; + + result ^= k; + result = (result << 13) | (result >> 19); + result = result * 5 + 0xe6546b64; + + } + + /* Traitement du reste */ + + tail = src->static_bin_data + 4 * blk_count; + + k = 0; + + switch (src->len & 3) + { + case 3: + k ^= (tail[2] << 16); + + case 2: + k ^= (tail[1] << 8); + + case 1: + k ^= tail[0]; + k *= 0xcc9e2d51; + k = (k << 15) | (k >> (17)); + k *= 0x1b873593; + result ^= k; + break; + + case 0: + break; + + } + + /* Conclusion */ + + result ^= src->len; + + result ^= (result >> 16); + result *= 0x85ebca6b; + result ^= (result >> 13); + result *= 0xc2b2ae35; + result ^= (result >> 16); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_enigma_murmur_modifier_transform(const GScanEnigmaMurmurModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_enigma_murmur_hash32(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_enigma_murmur_modifier_get_path(const GScanEnigmaMurmurModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("enigma-murmur"); + + return result; + +} diff --git a/plugins/apihashing/custom/enigma-murmur.h b/plugins/apihashing/custom/enigma-murmur.h new file mode 100644 index 0000000..29ae803 --- /dev/null +++ b/plugins/apihashing/custom/enigma-murmur.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * enigma-murmur.h - prototypes pour la transormation en empreinte d'API enigma-murmur + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_ENIGMA_MURMUR_H +#define _PLUGINS_APIHASHING_CUSTOM_ENIGMA_MURMUR_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER g_scan_enigma_murmur_modifier_get_type() +#define G_SCAN_ENIGMA_MURMUR_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER, GScanEnigmaMurmurModifier)) +#define G_IS_SCAN_ENIGMA_MURMUR_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER)) +#define G_SCAN_ENIGMA_MURMUR_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER, GScanEnigmaMurmurModifierClass)) +#define G_IS_SCAN_ENIGMA_MURMUR_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER)) +#define G_SCAN_ENIGMA_MURMUR_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER, GScanEnigmaMurmurModifierClass)) + + +/* Transormation en empreinte d'API enigma-murmur (instance) */ +typedef GApiHashModifier GScanEnigmaMurmurModifier; + +/* Transormation en empreinte d'API enigma-murmur (classe) */ +typedef GApiHashModifierClass GScanEnigmaMurmurModifierClass; + + +/* Indique le type défini pour une transormation en empreinte enigma-murmur. */ +GType g_scan_enigma_murmur_modifier_get_type(void); + +/* Construit un modificateur pour des empreintes enigma-murmur. */ +GScanTokenModifier *g_scan_enigma_murmur_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_ENIGMA_MURMUR_H */ diff --git a/plugins/apihashing/custom/imul21-add.c b/plugins/apihashing/custom/imul21-add.c new file mode 100644 index 0000000..2f71910 --- /dev/null +++ b/plugins/apihashing/custom/imul21-add.c @@ -0,0 +1,326 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul21-add.c - transormation en empreinte d'API imul21-add + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "imul21-add.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en imul21-add. */ +static void g_scan_imul21_add_modifier_class_init(GScanImul21AddModifierClass *); + +/* Initialise une instance de transmission en imul21-add. */ +static void g_scan_imul21_add_modifier_init(GScanImul21AddModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_imul21_add_modifier_dispose(GScanImul21AddModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_imul21_add_modifier_finalize(GScanImul21AddModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_imul21_add_modifier_get_name(const GScanImul21AddModifier *); + +/* Calcule l'empreinte imul21-add d'un motif de recherche. */ +static uint32_t compute_imul21_add(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_imul21_add_modifier_transform(const GScanImul21AddModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_imul21_add_modifier_get_path(const GScanImul21AddModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte imul21-add. */ +G_DEFINE_TYPE(GScanImul21AddModifier, g_scan_imul21_add_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en imul21-add. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul21_add_modifier_class_init(GScanImul21AddModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_imul21_add_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_imul21_add_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_imul21_add_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_imul21_add_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_imul21_add_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en imul21-add. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul21_add_modifier_init(GScanImul21AddModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul21_add_modifier_dispose(GScanImul21AddModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_imul21_add_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul21_add_modifier_finalize(GScanImul21AddModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_imul21_add_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur vers empreintes imul21-add. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_imul21_add_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_IMUL21_ADD_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_imul21_add_modifier_get_name(const GScanImul21AddModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("imul21-add"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte imul21-add d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_imul21_add(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0; + + for (i = 0; i < src->len; i++) + { + result *= 0x21; + result += src->data[i]; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_imul21_add_modifier_transform(const GScanImul21AddModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_imul21_add(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_imul21_add_modifier_get_path(const GScanImul21AddModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("imul21-add"); + + return result; + +} diff --git a/plugins/apihashing/custom/imul21-add.h b/plugins/apihashing/custom/imul21-add.h new file mode 100644 index 0000000..fcaa140 --- /dev/null +++ b/plugins/apihashing/custom/imul21-add.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul21-add.h - prototypes pour la transormation en empreinte d'API imul21-add + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_IMUL21_ADD_H +#define _PLUGINS_APIHASHING_CUSTOM_IMUL21_ADD_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_IMUL21_ADD_MODIFIER g_scan_imul21_add_modifier_get_type() +#define G_SCAN_IMUL21_ADD_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_IMUL21_ADD_MODIFIER, GScanImul21AddModifier)) +#define G_IS_SCAN_IMUL21_ADD_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_IMUL21_ADD_MODIFIER)) +#define G_SCAN_IMUL21_ADD_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_IMUL21_ADD_MODIFIER, GScanImul21AddModifierClass)) +#define G_IS_SCAN_IMUL21_ADD_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_IMUL21_ADD_MODIFIER)) +#define G_SCAN_IMUL21_ADD_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_IMUL21_ADD_MODIFIER, GScanImul21AddModifierClass)) + + +/* Transformation en empreinte d'API imul21-add (instance) */ +typedef GApiHashModifier GScanImul21AddModifier; + +/* Transformation en empreinte d'API imul21-add (classe) */ +typedef GApiHashModifierClass GScanImul21AddModifierClass; + + +/* Indique le type défini pour une transormation en empreinte imul21-add. */ +GType g_scan_imul21_add_modifier_get_type(void); + +/* Construit un modificateur vers empreintes imul21-add. */ +GScanTokenModifier *g_scan_imul21_add_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_IMUL21_ADD_H */ diff --git a/plugins/apihashing/custom/imul83-add.c b/plugins/apihashing/custom/imul83-add.c new file mode 100644 index 0000000..29f8cf5 --- /dev/null +++ b/plugins/apihashing/custom/imul83-add.c @@ -0,0 +1,326 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul83-add.c - transormation en empreinte d'API imul83-add + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "imul83-add.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en imul83-add. */ +static void g_scan_imul83_add_modifier_class_init(GScanImul83AddModifierClass *); + +/* Initialise une instance de transmission en imul83-add. */ +static void g_scan_imul83_add_modifier_init(GScanImul83AddModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_imul83_add_modifier_dispose(GScanImul83AddModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_imul83_add_modifier_finalize(GScanImul83AddModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_imul83_add_modifier_get_name(const GScanImul83AddModifier *); + +/* Calcule l'empreinte imul83-add d'un motif de recherche. */ +static uint32_t compute_imul83_add(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_imul83_add_modifier_transform(const GScanImul83AddModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_imul83_add_modifier_get_path(const GScanImul83AddModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte imul83-add. */ +G_DEFINE_TYPE(GScanImul83AddModifier, g_scan_imul83_add_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en imul83-add. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul83_add_modifier_class_init(GScanImul83AddModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_imul83_add_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_imul83_add_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_imul83_add_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_imul83_add_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_imul83_add_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en imul83-add. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul83_add_modifier_init(GScanImul83AddModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul83_add_modifier_dispose(GScanImul83AddModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_imul83_add_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_imul83_add_modifier_finalize(GScanImul83AddModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_imul83_add_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur vers empreintes imul83-add. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_imul83_add_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_IMUL83_ADD_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_imul83_add_modifier_get_name(const GScanImul83AddModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("imul83-add"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte imul83-add d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_imul83_add(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0; + + for (i = 0; i < src->len; i++) + { + result *= 0x83; + result += src->data[i]; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_imul83_add_modifier_transform(const GScanImul83AddModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_imul83_add(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_imul83_add_modifier_get_path(const GScanImul83AddModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("imul83-add"); + + return result; + +} diff --git a/plugins/apihashing/custom/imul83-add.h b/plugins/apihashing/custom/imul83-add.h new file mode 100644 index 0000000..7e376ee --- /dev/null +++ b/plugins/apihashing/custom/imul83-add.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul83-add.h - prototypes pour la transormation en empreinte d'API imul83-add + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_IMUL83_ADD_H +#define _PLUGINS_APIHASHING_CUSTOM_IMUL83_ADD_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_IMUL83_ADD_MODIFIER g_scan_imul83_add_modifier_get_type() +#define G_SCAN_IMUL83_ADD_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_IMUL83_ADD_MODIFIER, GScanImul83AddModifier)) +#define G_IS_SCAN_IMUL83_ADD_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_IMUL83_ADD_MODIFIER)) +#define G_SCAN_IMUL83_ADD_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_IMUL83_ADD_MODIFIER, GScanImul83AddModifierClass)) +#define G_IS_SCAN_IMUL83_ADD_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_IMUL83_ADD_MODIFIER)) +#define G_SCAN_IMUL83_ADD_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_IMUL83_ADD_MODIFIER, GScanImul83AddModifierClass)) + + +/* Transformation en empreinte d'API imul83-add (instance) */ +typedef GApiHashModifier GScanImul83AddModifier; + +/* Transformation en empreinte d'API imul83-add (classe) */ +typedef GApiHashModifierClass GScanImul83AddModifierClass; + + +/* Indique le type défini pour une transormation en empreinte imul83-add. */ +GType g_scan_imul83_add_modifier_get_type(void); + +/* Construit un modificateur vers empreintes imul83-add. */ +GScanTokenModifier *g_scan_imul83_add_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_IMUL83_ADD_H */ diff --git a/plugins/apihashing/custom/sll1-add-hash32.c b/plugins/apihashing/custom/sll1-add-hash32.c new file mode 100644 index 0000000..de00f81 --- /dev/null +++ b/plugins/apihashing/custom/sll1-add-hash32.c @@ -0,0 +1,326 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sll1-add-hash32.c - transormation en empreinte d'API sll1-add-hash32 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "sll1-add-hash32.h" + + +#include <malloc.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en sll1-add-hash32. */ +static void g_scan_sll1_add_hash32_modifier_class_init(GScanSll1AddHash32ModifierClass *klass); + +/* Initialise une instance de transmission en sll1-add-hash32. */ +static void g_scan_sll1_add_hash32_modifier_init(GScanSll1AddHash32Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_sll1_add_hash32_modifier_dispose(GScanSll1AddHash32Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_sll1_add_hash32_modifier_finalize(GScanSll1AddHash32Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_sll1_add_hash32_modifier_get_name(const GScanSll1AddHash32Modifier *); + +/* Calcule l'empreinte sll1-add-hash32 d'un motif de recherche. */ +static uint32_t compute_sll1_add_hash32(const sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_sll1_add_hash32_modifier_transform(const GScanSll1AddHash32Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_sll1_add_hash32_modifier_get_path(const GScanSll1AddHash32Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte sll1-add-hash32. */ +G_DEFINE_TYPE(GScanSll1AddHash32Modifier, g_scan_sll1_add_hash32_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en sll1-add-hash32. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sll1_add_hash32_modifier_class_init(GScanSll1AddHash32ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_sll1_add_hash32_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_sll1_add_hash32_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_sll1_add_hash32_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_sll1_add_hash32_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_sll1_add_hash32_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en sll1-add-hash32. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sll1_add_hash32_modifier_init(GScanSll1AddHash32Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sll1_add_hash32_modifier_dispose(GScanSll1AddHash32Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sll1_add_hash32_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sll1_add_hash32_modifier_finalize(GScanSll1AddHash32Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sll1_add_hash32_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur vers empreintes sll1-add-hash32. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_sll1_add_hash32_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sll1_add_hash32_modifier_get_name(const GScanSll1AddHash32Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("sll1-add-hash32"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : src = séquence d'octets à traiter. * +* * +* Description : Calcule l'empreinte sll1-add-hash32 d'un motif de recherche. * +* * +* Retour : Valeur entière de l'empreinte déterminée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static uint32_t compute_sll1_add_hash32(const sized_binary_t *src) +{ + uint32_t result; /* Valeur à retourner */ + size_t i; /* Boucle de parcours */ + + result = 0; + + for (i = 0; i < src->len; i++) + { + result += (src->data[i] | 0x60); + result <<= 1; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_sll1_add_hash32_modifier_transform(const GScanSll1AddHash32Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + uint32_t hash; /* Valeur d'empreinte calculée */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + hash = compute_sll1_add_hash32(_src); + + binary->data = malloc(sizeof(hash) * sizeof(bin_t)); + binary->len = sizeof(hash); + + memcpy(binary->data, &hash, sizeof(hash)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sll1_add_hash32_modifier_get_path(const GScanSll1AddHash32Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("sll1-add-hash32"); + + return result; + +} diff --git a/plugins/apihashing/custom/sll1-add-hash32.h b/plugins/apihashing/custom/sll1-add-hash32.h new file mode 100644 index 0000000..39abee2 --- /dev/null +++ b/plugins/apihashing/custom/sll1-add-hash32.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sll1-add-hash32.h - prototypes pour la transormation en empreinte d'API sll1-add-hash32 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_SLL1_ADD_HASH32_H +#define _PLUGINS_APIHASHING_CUSTOM_SLL1_ADD_HASH32_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER g_scan_sll1_add_hash32_modifier_get_type() +#define G_SCAN_SLL1_ADD_HASH32_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER, GScanSll1AddHash32Modifier)) +#define G_IS_SCAN_SLL1_ADD_HASH32_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER)) +#define G_SCAN_SLL1_ADD_HASH32_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER, GScanSll1AddHash32ModifierClass)) +#define G_IS_SCAN_SLL1_ADD_HASH32_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER)) +#define G_SCAN_SLL1_ADD_HASH32_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER, GScanSll1AddHash32ModifierClass)) + + +/* Transormation en empreinte d'API sll1_add_hash32 (instance) */ +typedef GApiHashModifier GScanSll1AddHash32Modifier; + +/* Transormation en empreinte d'API sll1_add_hash32 (classe) */ +typedef GApiHashModifierClass GScanSll1AddHash32ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte sll1-add-hash32. */ +GType g_scan_sll1_add_hash32_modifier_get_type(void); + +/* Construit un modificateur vers empreintes sll1-add-hash32. */ +GScanTokenModifier *g_scan_sll1_add_hash32_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_SLL1_ADD_HASH32_H */ diff --git a/plugins/apihashing/custom/sub-index1.c b/plugins/apihashing/custom/sub-index1.c new file mode 100644 index 0000000..79eafd8 --- /dev/null +++ b/plugins/apihashing/custom/sub-index1.c @@ -0,0 +1,291 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub-index1.c - transormation en empreinte d'API sub-index1 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "sub-index1.h" + + +#include <malloc.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en sub-index1. */ +static void g_scan_sub_index1_modifier_class_init(GScanSubIndex1ModifierClass *); + +/* Initialise une instance de transmission en sub-index1. */ +static void g_scan_sub_index1_modifier_init(GScanSubIndex1Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_sub_index1_modifier_dispose(GScanSubIndex1Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_sub_index1_modifier_finalize(GScanSubIndex1Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_sub_index1_modifier_get_name(const GScanSubIndex1Modifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_sub_index1_modifier_transform(const GScanSubIndex1Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_sub_index1_modifier_get_path(const GScanSubIndex1Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte sub-index1. */ +G_DEFINE_TYPE(GScanSubIndex1Modifier, g_scan_sub_index1_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en sub-index1. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub_index1_modifier_class_init(GScanSubIndex1ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_sub_index1_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_sub_index1_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_sub_index1_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_sub_index1_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_sub_index1_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en sub-index1. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub_index1_modifier_init(GScanSubIndex1Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub_index1_modifier_dispose(GScanSubIndex1Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sub_index1_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub_index1_modifier_finalize(GScanSubIndex1Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sub_index1_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes sub-index1. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_sub_index1_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_SUB_INDEX1_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sub_index1_modifier_get_name(const GScanSubIndex1Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("sub-index1"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_sub_index1_modifier_transform(const GScanSubIndex1Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[k] = _src->data[k] + k + 1; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sub_index1_modifier_get_path(const GScanSubIndex1Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("sub-index1"); + + return result; + +} diff --git a/plugins/apihashing/custom/sub-index1.h b/plugins/apihashing/custom/sub-index1.h new file mode 100644 index 0000000..b2acc06 --- /dev/null +++ b/plugins/apihashing/custom/sub-index1.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub-index1.h - prototypes pour la transormation en empreinte d'API sub-index1 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_SUB_INDEX1_H +#define _PLUGINS_APIHASHING_CUSTOM_SUB_INDEX1_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_SUB_INDEX1_MODIFIER g_scan_sub_index1_modifier_get_type() +#define G_SCAN_SUB_INDEX1_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_SUB_INDEX1_MODIFIER, GScanSubIndex1Modifier)) +#define G_IS_SCAN_SUB_INDEX1_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_SUB_INDEX1_MODIFIER)) +#define G_SCAN_SUB_INDEX1_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_SUB_INDEX1_MODIFIER, GScanSubIndex1ModifierClass)) +#define G_IS_SCAN_SUB_INDEX1_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_SUB_INDEX1_MODIFIER)) +#define G_SCAN_SUB_INDEX1_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_SUB_INDEX1_MODIFIER, GScanSubIndex1ModifierClass)) + + +/* Transormation en empreinte d'API sub-index1 (instance) */ +typedef GApiHashModifier GScanSubIndex1Modifier; + +/* Transormation en empreinte d'API sub-index1 (classe) */ +typedef GApiHashModifierClass GScanSubIndex1ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte sub-index1. */ +GType g_scan_sub_index1_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes sub-index1. */ +GScanTokenModifier *g_scan_sub_index1_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_SUB_INDEX1_H */ diff --git a/plugins/apihashing/custom/sub42.c b/plugins/apihashing/custom/sub42.c new file mode 100644 index 0000000..95bd49d --- /dev/null +++ b/plugins/apihashing/custom/sub42.c @@ -0,0 +1,291 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub42.c - transormation en empreinte d'API sub42 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "sub42.h" + + +#include <malloc.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en empreintes sub42. */ +static void g_scan_sub42_modifier_class_init(GScanSub42ModifierClass *); + +/* Initialise une instance de transmission en empreinte sub42. */ +static void g_scan_sub42_modifier_init(GScanSub42Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_sub42_modifier_dispose(GScanSub42Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_sub42_modifier_finalize(GScanSub42Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_sub42_modifier_get_name(const GScanSub42Modifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_sub42_modifier_transform(const GScanSub42Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_sub42_modifier_get_path(const GScanSub42Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en empreinte sub42. */ +G_DEFINE_TYPE(GScanSub42Modifier, g_scan_sub42_modifier, G_TYPE_API_HASH_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en empreintes sub42. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub42_modifier_class_init(GScanSub42ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_sub42_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_sub42_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_sub42_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_sub42_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_sub42_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en empreinte sub42. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub42_modifier_init(GScanSub42Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub42_modifier_dispose(GScanSub42Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sub42_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_sub42_modifier_finalize(GScanSub42Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_sub42_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des empreintes sub42. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_sub42_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_SUB42_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sub42_modifier_get_name(const GScanSub42Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("sub42"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_sub42_modifier_transform(const GScanSub42Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ + + result = true; + + *dcount = scount; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[k] = _src->data[k] + 0x42; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_sub42_modifier_get_path(const GScanSub42Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("sub42"); + + return result; + +} diff --git a/plugins/apihashing/custom/sub42.h b/plugins/apihashing/custom/sub42.h new file mode 100644 index 0000000..8a11741 --- /dev/null +++ b/plugins/apihashing/custom/sub42.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub42.h - prototypes pour la transormation en empreinte d'API sub42 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_APIHASHING_CUSTOM_SUB42_H +#define _PLUGINS_APIHASHING_CUSTOM_SUB42_H + + +#include <glib-object.h> + + +#include "../apihash.h" + + + +#define G_TYPE_SCAN_SUB42_MODIFIER g_scan_sub42_modifier_get_type() +#define G_SCAN_SUB42_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_SUB42_MODIFIER, GScanSub42Modifier)) +#define G_IS_SCAN_SUB42_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_SUB42_MODIFIER)) +#define G_SCAN_SUB42_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_SUB42_MODIFIER, GScanSub42ModifierClass)) +#define G_IS_SCAN_SUB42_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_SUB42_MODIFIER)) +#define G_SCAN_SUB42_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_SUB42_MODIFIER, GScanSub42ModifierClass)) + + +/* Transormation en empreinte d'API sub42 (instance) */ +typedef GApiHashModifier GScanSub42Modifier; + +/* Transormation en empreinte d'API sub42 (classe) */ +typedef GApiHashModifierClass GScanSub42ModifierClass; + + +/* Indique le type défini pour une transormation en empreinte sub42. */ +GType g_scan_sub42_modifier_get_type(void); + +/* Construit un modificateur livrant des empreintes sub42. */ +GScanTokenModifier *g_scan_sub42_modifier_new(void); + + + +#endif /* _PLUGINS_APIHASHING_CUSTOM_SUB42_H */ diff --git a/plugins/apihashing/python/Makefile.am b/plugins/apihashing/python/Makefile.am new file mode 100644 index 0000000..d94218d --- /dev/null +++ b/plugins/apihashing/python/Makefile.am @@ -0,0 +1,20 @@ + +noinst_LTLIBRARIES = libapihashingpython.la + +libapihashingpython_la_SOURCES = \ + apihash.h apihash.c \ + module.h module.c + +libapihashingpython_la_LIBADD = \ + classics/libapihashingpythonclassics.la + +libapihashingpython_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide/$(subdir) + +dev_HEADERS = $(libapihashingpython_la_SOURCES:%c=) + + +SUBDIRS = classics diff --git a/plugins/apihashing/python/apihash.c b/plugins/apihashing/python/apihash.c new file mode 100644 index 0000000..a3ae519 --- /dev/null +++ b/plugins/apihashing/python/apihash.c @@ -0,0 +1,212 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.c - équivalent Python du fichier "plugins/encodings/rost/base64.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "apihash.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> +#include <plugins/pychrysalide/analysis/scan/patterns/modifier.h> + + +#include "../apihash.h" + + + +CREATE_DYN_CONSTRUCTOR(api_hash_modifier, G_TYPE_API_HASH_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_api_hash_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_api_hash_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define API_HASH_MODIFIER_DOC \ + "The *ApiHashModifier* class is the base object for all algorithms" \ + " involed in malwares and revolving API functions to call from" \ + " a hash value.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " ApiHashModifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_api_hash_modifier_type(void) +{ + static PyMethodDef py_api_hash_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_api_hash_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_api_hash_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.plugins.apihashing.ApiHashModifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = API_HASH_MODIFIER_DOC, + + .tp_methods = py_api_hash_modifier_methods, + .tp_getset = py_api_hash_modifier_getseters, + + .tp_init = py_api_hash_modifier_init, + .tp_new = py_api_hash_modifier_new, + + }; + + return &py_api_hash_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide.....ApiHashModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_api_hash_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Base64Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_api_hash_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.plugins.apihashing"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_scan_token_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_API_HASH_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation par empreinte d'API. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_api_hash_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_api_hash_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to API hash modifier"); + break; + + case 1: + *((GApiHashModifier **)dst) = G_API_HASH_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/apihash.h b/plugins/apihashing/python/apihash.h new file mode 100644 index 0000000..5474d49 --- /dev/null +++ b/plugins/apihashing/python/apihash.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.h - équivalent Python du fichier "plugins/encodings/rost/base64.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H +#define _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_api_hash_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.plugins.apihashing.ApiHashModifier'. */ +bool ensure_python_api_hash_modifier_is_registered(void); + +/* Tente de convertir en transformation par empreinte d'API. */ +int convert_to_api_hash_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H */ diff --git a/plugins/apihashing/python/classics/Makefile.am b/plugins/apihashing/python/classics/Makefile.am new file mode 100644 index 0000000..316e13f --- /dev/null +++ b/plugins/apihashing/python/classics/Makefile.am @@ -0,0 +1,16 @@ + +noinst_LTLIBRARIES = libapihashingpythonclassics.la + +libapihashingpythonclassics_la_SOURCES = \ + crc32.h crc32.c \ + djb2.h djb2.c \ + module.h module.c \ + ror13.h ror13.c + +libapihashingpythonclassics_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libapihashingpythonclassics_la_SOURCES:%c=) diff --git a/plugins/apihashing/python/classics/crc32.c b/plugins/apihashing/python/classics/crc32.c new file mode 100644 index 0000000..d7c6f7c --- /dev/null +++ b/plugins/apihashing/python/classics/crc32.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * crc32.c - équivalent Python du fichier "plugins/apihashing/classics/crc32.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "crc32.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../classics/crc32.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_crc32_modifier, G_TYPE_SCAN_CRC32_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_crc32_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_crc32_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_CRC32_MODIFIER_DOC \ + "The *Crc32Modifier* class transforms a byte pattern into its" \ + " crc32 encoded form.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Crc32Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_crc32_modifier_type(void) +{ + static PyMethodDef py_scan_crc32_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_crc32_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_crc32_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Crc32Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_CRC32_MODIFIER_DOC, + + .tp_methods = py_scan_crc32_modifier_methods, + .tp_getset = py_scan_crc32_modifier_getseters, + + .tp_init = py_scan_crc32_modifier_init, + .tp_new = py_scan_crc32_modifier_new, + + }; + + return &py_scan_crc32_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....Crc32Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_crc32_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Crc32Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_crc32_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_CRC32_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation en empreinte crc32. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_crc32_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_crc32_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to crc32 modifier"); + break; + + case 1: + *((GScanCrc32Modifier **)dst) = G_SCAN_CRC32_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/classics/crc32.h b/plugins/apihashing/python/classics/crc32.h new file mode 100644 index 0000000..118a916 --- /dev/null +++ b/plugins/apihashing/python/classics/crc32.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * crc32.h - équivalent Python du fichier "plugins/apihashing/classics/crc32.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CLASSICS_CRC32_H +#define _PLUGINS_APIHASHING_PYTHON_CLASSICS_CRC32_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_crc32_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Crc32Modifier'. */ +bool ensure_python_scan_crc32_modifier_is_registered(void); + +/* Tente de convertir en transformation en empreinte crc32. */ +int convert_to_scan_crc32_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CLASSICS_CRC32_H */ diff --git a/plugins/apihashing/python/classics/djb2.c b/plugins/apihashing/python/classics/djb2.c new file mode 100644 index 0000000..f3d0844 --- /dev/null +++ b/plugins/apihashing/python/classics/djb2.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * djb2.c - équivalent Python du fichier "plugins/apihashing/classics/djb2.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "djb2.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../classics/djb2.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_djb2_modifier, G_TYPE_SCAN_DJB2_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_djb2_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_djb2_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_DJB2_MODIFIER_DOC \ + "The *Djb2Modifier* class transforms a byte pattern into its" \ + " djb2 encoded form.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Djb2Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_djb2_modifier_type(void) +{ + static PyMethodDef py_scan_djb2_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_djb2_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_djb2_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Djb2Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_DJB2_MODIFIER_DOC, + + .tp_methods = py_scan_djb2_modifier_methods, + .tp_getset = py_scan_djb2_modifier_getseters, + + .tp_init = py_scan_djb2_modifier_init, + .tp_new = py_scan_djb2_modifier_new, + + }; + + return &py_scan_djb2_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....Djb2Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_djb2_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Djb2Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_djb2_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_DJB2_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation en empreinte djb2. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_djb2_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_djb2_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to djb2 modifier"); + break; + + case 1: + *((GScanDjb2Modifier **)dst) = G_SCAN_DJB2_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/classics/djb2.h b/plugins/apihashing/python/classics/djb2.h new file mode 100644 index 0000000..b4086f8 --- /dev/null +++ b/plugins/apihashing/python/classics/djb2.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * djb2.h - équivalent Python du fichier "plugins/apihashing/classics/djb2.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CLASSICS_DJB2_H +#define _PLUGINS_APIHASHING_PYTHON_CLASSICS_DJB2_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_djb2_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Djb2Modifier'. */ +bool ensure_python_scan_djb2_modifier_is_registered(void); + +/* Tente de convertir en transformation en empreinte djb2. */ +int convert_to_scan_djb2_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CLASSICS_DJB2_H */ diff --git a/plugins/apihashing/python/classics/module.c b/plugins/apihashing/python/classics/module.c new file mode 100644 index 0000000..b00757a --- /dev/null +++ b/plugins/apihashing/python/classics/module.c @@ -0,0 +1,68 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire classics en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "crc32.h" +#include "djb2.h" +#include "ror13.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre les modificateurs d'empreintes classiques pour ROST. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_apihashing_classics_modifiers(void) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (result) result = ensure_python_scan_crc32_modifier_is_registered(); + if (result) result = ensure_python_scan_djb2_modifier_is_registered(); + if (result) result = ensure_python_scan_ror13_modifier_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/apihashing/python/classics/module.h b/plugins/apihashing/python/classics/module.h new file mode 100644 index 0000000..10c817d --- /dev/null +++ b/plugins/apihashing/python/classics/module.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire classics en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CLASSICS_MODULE_H +#define _PLUGINS_APIHASHING_PYTHON_CLASSICS_MODULE_H + + +#include <stdbool.h> + + + +/* Intègre les modificateurs d'empreintes classiques pour ROST. */ +bool register_apihashing_classics_modifiers(void); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CLASSICS_MODULE_H */ diff --git a/plugins/apihashing/python/classics/ror13.c b/plugins/apihashing/python/classics/ror13.c new file mode 100644 index 0000000..429f7da --- /dev/null +++ b/plugins/apihashing/python/classics/ror13.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ror13.c - équivalent Python du fichier "plugins/apihashing/classics/ror13.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "ror13.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../classics/ror13.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_ror13_modifier, G_TYPE_SCAN_ROR13_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_ror13_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_ror13_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_ROR13_MODIFIER_DOC \ + "The *Ror13Modifier* class transforms a byte pattern into its" \ + " ror13 encoded form.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Ror13Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_ror13_modifier_type(void) +{ + static PyMethodDef py_scan_ror13_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_ror13_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_ror13_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Ror13Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_ROR13_MODIFIER_DOC, + + .tp_methods = py_scan_ror13_modifier_methods, + .tp_getset = py_scan_ror13_modifier_getseters, + + .tp_init = py_scan_ror13_modifier_init, + .tp_new = py_scan_ror13_modifier_new, + + }; + + return &py_scan_ror13_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....Ror13Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_ror13_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Ror13Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_ror13_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_ROR13_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation en empreinte ror13. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_ror13_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_ror13_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to ror13 modifier"); + break; + + case 1: + *((GScanRor13Modifier **)dst) = G_SCAN_ROR13_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/classics/ror13.h b/plugins/apihashing/python/classics/ror13.h new file mode 100644 index 0000000..021a516 --- /dev/null +++ b/plugins/apihashing/python/classics/ror13.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ror13.h - équivalent Python du fichier "plugins/apihashing/classics/ror13.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CLASSICS_ROR13_H +#define _PLUGINS_APIHASHING_PYTHON_CLASSICS_ROR13_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_ror13_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Ror13Modifier'. */ +bool ensure_python_scan_ror13_modifier_is_registered(void); + +/* Tente de convertir en transformation en empreinte ror13. */ +int convert_to_scan_ror13_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CLASSICS_ROR13_H */ diff --git a/plugins/apihashing/python/custom/Makefile.am b/plugins/apihashing/python/custom/Makefile.am new file mode 100644 index 0000000..5fbb11f --- /dev/null +++ b/plugins/apihashing/python/custom/Makefile.am @@ -0,0 +1,20 @@ + +noinst_LTLIBRARIES = libapihashingpythoncustom.la + +libapihashingpythoncustom_la_SOURCES = \ + add1505-shl5.h add1505-shl5.c \ + enigma-murmur.h enigma-murmur.c \ + imul21-add.h imul21-add.c \ + imul83-add.h imul83-add.c \ + module.h module.c \ + sll1-add-hash32.h sll1-add-hash32.c \ + sub-index1.h sub-index1.c \ + sub42.h sub42.c + +libapihashingpythoncustom_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libapihashingpythoncustom_la_SOURCES:%c=) diff --git a/plugins/apihashing/python/custom/add1505-shl5.c b/plugins/apihashing/python/custom/add1505-shl5.c new file mode 100644 index 0000000..f70323c --- /dev/null +++ b/plugins/apihashing/python/custom/add1505-shl5.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * add1505-shl5.c - équivalent Python du fichier "plugins/apihashing/custom/add1505-shl5.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "add1505-shl5.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/add1505-shl5.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_add1505_shl5_modifier, G_TYPE_SCAN_ADD1505_SHL5_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_add1505_shl5_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_add1505_shl5_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_ADD1505_SHL5_MODIFIER_DOC \ + "The *Add1505Shl5Modifier* class transforms a byte pattern" \ + " using a add1505-shl5 hash.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Add1505Shl5Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_add1505_shl5_modifier_type(void) +{ + static PyMethodDef py_scan_add1505_shl5_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_add1505_shl5_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_add1505_shl5_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Add1505Shl5Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_ADD1505_SHL5_MODIFIER_DOC, + + .tp_methods = py_scan_add1505_shl5_modifier_methods, + .tp_getset = py_scan_add1505_shl5_modifier_getseters, + + .tp_init = py_scan_add1505_shl5_modifier_init, + .tp_new = py_scan_add1505_shl5_modifier_new, + + }; + + return &py_scan_add1505_shl5_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet '...Add1505Shl5Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_add1505_shl5_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Add1505Shl5Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_add1505_shl5_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_ADD1505_SHL5_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en empreinte add1505-shl5. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_add1505_shl5_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_add1505_shl5_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to add1505-shl5 modifier"); + break; + + case 1: + *((GScanAdd1505Shl5Modifier **)dst) = G_SCAN_ADD1505_SHL5_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/add1505-shl5.h b/plugins/apihashing/python/custom/add1505-shl5.h new file mode 100644 index 0000000..941d6ce --- /dev/null +++ b/plugins/apihashing/python/custom/add1505-shl5.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * add1505-shl5.h - équivalent Python du fichier "plugins/apihashing/custom/add1505-shl5.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_ADD1505_SHL5_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_ADD1505_SHL5_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_add1505_shl5_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Add1505Shl5Modifier'. */ +bool ensure_python_scan_add1505_shl5_modifier_is_registered(void); + +/* Tente de convertir en empreinte add1505-shl5. */ +int convert_to_scan_add1505_shl5_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_ADD1505_SHL5_H */ diff --git a/plugins/apihashing/python/custom/enigma-murmur.c b/plugins/apihashing/python/custom/enigma-murmur.c new file mode 100644 index 0000000..f544f1a --- /dev/null +++ b/plugins/apihashing/python/custom/enigma-murmur.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * enigma-murmur.c - équivalent Python du fichier "plugins/apihashing/custom/enigma-murmur.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "enigma-murmur.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/enigma-murmur.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_enigma_murmur_modifier, G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_enigma_murmur_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_enigma_murmur_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_ENIGMA_MURMUR_MODIFIER_DOC \ + "The *EnigmaMurmurModifier* class transforms a byte pattern" \ + " using a enigma-murmur hash.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " EnigmaMurmurModifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_enigma_murmur_modifier_type(void) +{ + static PyMethodDef py_scan_enigma_murmur_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_enigma_murmur_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_enigma_murmur_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.EnigmaMurmurModifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_ENIGMA_MURMUR_MODIFIER_DOC, + + .tp_methods = py_scan_enigma_murmur_modifier_methods, + .tp_getset = py_scan_enigma_murmur_modifier_getseters, + + .tp_init = py_scan_enigma_murmur_modifier_init, + .tp_new = py_scan_enigma_murmur_modifier_new, + + }; + + return &py_scan_enigma_murmur_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet '...EnigmaMurmurModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_enigma_murmur_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type EnigmaMurmurModifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_enigma_murmur_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_ENIGMA_MURMUR_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en empreinte enigma-murmur. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_enigma_murmur_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_enigma_murmur_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to enigma-murmur modifier"); + break; + + case 1: + *((GScanEnigmaMurmurModifier **)dst) = G_SCAN_ENIGMA_MURMUR_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/enigma-murmur.h b/plugins/apihashing/python/custom/enigma-murmur.h new file mode 100644 index 0000000..8435dae --- /dev/null +++ b/plugins/apihashing/python/custom/enigma-murmur.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * enigma-murmur.h - équivalent Python du fichier "plugins/apihashing/custom/enigma-murmur.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_ENIGMA_MURMUR_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_ENIGMA_MURMUR_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_enigma_murmur_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.EnigmaMurmurModifier'. */ +bool ensure_python_scan_enigma_murmur_modifier_is_registered(void); + +/* Tente de convertir en empreinte enigma-murmur. */ +int convert_to_scan_enigma_murmur_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_ENIGMA_MURMUR_H */ diff --git a/plugins/apihashing/python/custom/imul21-add.c b/plugins/apihashing/python/custom/imul21-add.c new file mode 100644 index 0000000..aadc6cc --- /dev/null +++ b/plugins/apihashing/python/custom/imul21-add.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul21-add.c - équivalent Python du fichier "plugins/apihashing/custom/imul21-add.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "imul21-add.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/imul21-add.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_imul21_add_modifier, G_TYPE_SCAN_IMUL21_ADD_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_imul21_add_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_imul21_add_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_IMUL21_ADD_MODIFIER_DOC \ + "The *Sll1AddHash32Modifier* class transforms a byte pattern" \ + " using a variation of the sll1 algorithm.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Sll1AddHash32Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_imul21_add_modifier_type(void) +{ + static PyMethodDef py_scan_imul21_add_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_imul21_add_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_imul21_add_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Imul21AddModifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_IMUL21_ADD_MODIFIER_DOC, + + .tp_methods = py_scan_imul21_add_modifier_methods, + .tp_getset = py_scan_imul21_add_modifier_getseters, + + .tp_init = py_scan_imul21_add_modifier_init, + .tp_new = py_scan_imul21_add_modifier_new, + + }; + + return &py_scan_imul21_add_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet '...Imul21AddModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_imul21_add_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Sll1AddHash32Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_imul21_add_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_IMUL21_ADD_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en empreinte imul21-add. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_imul21_add_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_imul21_add_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to imul21-add modifier"); + break; + + case 1: + *((GScanImul21AddModifier **)dst) = G_SCAN_IMUL21_ADD_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/imul21-add.h b/plugins/apihashing/python/custom/imul21-add.h new file mode 100644 index 0000000..3fcc053 --- /dev/null +++ b/plugins/apihashing/python/custom/imul21-add.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul21-add.h - équivalent Python du fichier "plugins/apihashing/custom/imul21-add.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL21_ADD_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL21_ADD_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_imul21_add_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Imul21AddModifier'. */ +bool ensure_python_scan_imul21_add_modifier_is_registered(void); + +/* Tente de convertir en empreinte imul21-add. */ +int convert_to_scan_imul21_add_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL21_ADD_H */ diff --git a/plugins/apihashing/python/custom/imul83-add.c b/plugins/apihashing/python/custom/imul83-add.c new file mode 100644 index 0000000..5e2d929 --- /dev/null +++ b/plugins/apihashing/python/custom/imul83-add.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul83-add.c - équivalent Python du fichier "plugins/apihashing/custom/imul83-add.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "imul83-add.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/imul83-add.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_imul83_add_modifier, G_TYPE_SCAN_IMUL83_ADD_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_imul83_add_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_imul83_add_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_IMUL83_ADD_MODIFIER_DOC \ + "The *Sll1AddHash32Modifier* class transforms a byte pattern" \ + " using a variation of the sll1 algorithm.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Sll1AddHash32Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_imul83_add_modifier_type(void) +{ + static PyMethodDef py_scan_imul83_add_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_imul83_add_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_imul83_add_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Imul83AddModifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_IMUL83_ADD_MODIFIER_DOC, + + .tp_methods = py_scan_imul83_add_modifier_methods, + .tp_getset = py_scan_imul83_add_modifier_getseters, + + .tp_init = py_scan_imul83_add_modifier_init, + .tp_new = py_scan_imul83_add_modifier_new, + + }; + + return &py_scan_imul83_add_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet '...Imul83AddModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_imul83_add_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Sll1AddHash32Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_imul83_add_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_IMUL83_ADD_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en empreinte imul83-add. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_imul83_add_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_imul83_add_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to imul83-add modifier"); + break; + + case 1: + *((GScanImul83AddModifier **)dst) = G_SCAN_IMUL83_ADD_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/imul83-add.h b/plugins/apihashing/python/custom/imul83-add.h new file mode 100644 index 0000000..fd05136 --- /dev/null +++ b/plugins/apihashing/python/custom/imul83-add.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * imul83-add.h - équivalent Python du fichier "plugins/apihashing/custom/imul83-add.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL83_ADD_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL83_ADD_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_imul83_add_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Imul83AddModifier'. */ +bool ensure_python_scan_imul83_add_modifier_is_registered(void); + +/* Tente de convertir en empreinte imul83-add. */ +int convert_to_scan_imul83_add_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_IMUL83_ADD_H */ diff --git a/plugins/apihashing/python/custom/module.c b/plugins/apihashing/python/custom/module.c new file mode 100644 index 0000000..07107dd --- /dev/null +++ b/plugins/apihashing/python/custom/module.c @@ -0,0 +1,76 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire custom en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "add1505-shl5.h" +#include "enigma-murmur.h" +#include "imul21-add.h" +#include "imul83-add.h" +#include "sll1-add-hash32.h" +#include "sub-index1.h" +#include "sub42.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre les modificateurs d'empreintes particulières à ROST. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_apihashing_custom_modifiers(void) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (result) result = ensure_python_scan_add1505_shl5_modifier_is_registered(); + if (result) result = ensure_python_scan_enigma_murmur_modifier_is_registered(); + if (result) result = ensure_python_scan_imul21_add_modifier_is_registered(); + if (result) result = ensure_python_scan_imul83_add_modifier_is_registered(); + if (result) result = ensure_python_scan_sll1_add_hash32_modifier_is_registered(); + if (result) result = ensure_python_scan_sub42_modifier_is_registered(); + if (result) result = ensure_python_scan_sub_index1_modifier_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/apihashing/python/custom/module.h b/plugins/apihashing/python/custom/module.h new file mode 100644 index 0000000..9073651 --- /dev/null +++ b/plugins/apihashing/python/custom/module.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire custom en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_MODULE_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_MODULE_H + + +#include <stdbool.h> + + + +/* Intègre les modificateurs d'empreintes particulières à ROST. */ +bool register_apihashing_custom_modifiers(void); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_MODULE_H */ diff --git a/plugins/apihashing/python/custom/sll1-add-hash32.c b/plugins/apihashing/python/custom/sll1-add-hash32.c new file mode 100644 index 0000000..c63fcf3 --- /dev/null +++ b/plugins/apihashing/python/custom/sll1-add-hash32.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sll1-add-hash32.c - équivalent Python du fichier "plugins/apihashing/custom/sll1-add-hash32.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "sll1-add-hash32.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/sll1-add-hash32.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_sll1_add_hash32_modifier, G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_sll1_add_hash32_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_sll1_add_hash32_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_SLL1_ADD_HASH32_MODIFIER_DOC \ + "The *Sll1AddHash32Modifier* class transforms a byte pattern" \ + " using a variation of the sll1 algorithm.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Sll1AddHash32Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_sll1_add_hash32_modifier_type(void) +{ + static PyMethodDef py_scan_sll1_add_hash32_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_sll1_add_hash32_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_sll1_add_hash32_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Sll1AddHash32Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_SLL1_ADD_HASH32_MODIFIER_DOC, + + .tp_methods = py_scan_sll1_add_hash32_modifier_methods, + .tp_getset = py_scan_sll1_add_hash32_modifier_getseters, + + .tp_init = py_scan_sll1_add_hash32_modifier_init, + .tp_new = py_scan_sll1_add_hash32_modifier_new, + + }; + + return &py_scan_sll1_add_hash32_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet '...Sll1AddHash32Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_sll1_add_hash32_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Sll1AddHash32Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_sll1_add_hash32_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_SLL1_ADD_HASH32_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en empreinte sll1-add-hash32. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_sll1_add_hash32_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_sll1_add_hash32_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to sll1-add-hash32 modifier"); + break; + + case 1: + *((GScanSll1AddHash32Modifier **)dst) = G_SCAN_SLL1_ADD_HASH32_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/sll1-add-hash32.h b/plugins/apihashing/python/custom/sll1-add-hash32.h new file mode 100644 index 0000000..bf11c34 --- /dev/null +++ b/plugins/apihashing/python/custom/sll1-add-hash32.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sll1-add-hash32.h - équivalent Python du fichier "plugins/apihashing/custom/sll1-add-hash32.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_SLL1_ADD_HASH32_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_SLL1_ADD_HASH32_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_sll1_add_hash32_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Sll1AddHash32Modifier'. */ +bool ensure_python_scan_sll1_add_hash32_modifier_is_registered(void); + +/* Tente de convertir en empreinte sll1-add-hash32. */ +int convert_to_scan_sll1_add_hash32_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_SLL1_ADD_HASH32_H */ diff --git a/plugins/apihashing/python/custom/sub-index1.c b/plugins/apihashing/python/custom/sub-index1.c new file mode 100644 index 0000000..e5c1487 --- /dev/null +++ b/plugins/apihashing/python/custom/sub-index1.c @@ -0,0 +1,213 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub-index1.c - équivalent Python du fichier "plugins/apihashing/custom/sub-index1.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "sub-index1.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/sub-index1.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_sub_index1_modifier, G_TYPE_SCAN_SUB_INDEX1_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_sub_index1_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_sub_index1_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_SUB_INDEX1_MODIFIER_DOC \ + "The *SubIndex1Modifier* class produces the encrypted version" \ + " of a byte pattern where the index of a byte is added to its" \ + " value.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Sub-Index1Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_sub_index1_modifier_type(void) +{ + static PyMethodDef py_scan_sub_index1_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_sub_index1_modifier_getseters[] = { + + { NULL } + }; + + static PyTypeObject py_scan_sub_index1_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.SubIndex1Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_SUB_INDEX1_MODIFIER_DOC, + + .tp_methods = py_scan_sub_index1_modifier_methods, + .tp_getset = py_scan_sub_index1_modifier_getseters, + + .tp_init = py_scan_sub_index1_modifier_init, + .tp_new = py_scan_sub_index1_modifier_new, + + }; + + return &py_scan_sub_index1_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....SubIndex1Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_sub_index1_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Sub-Index1Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_sub_index1_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_SUB_INDEX1_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation en empreinte sub-index1.* +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_sub_index1_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_sub_index1_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to sub-index1 modifier"); + break; + + case 1: + *((GScanSubIndex1Modifier **)dst) = G_SCAN_SUB_INDEX1_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/sub-index1.h b/plugins/apihashing/python/custom/sub-index1.h new file mode 100644 index 0000000..65186f3 --- /dev/null +++ b/plugins/apihashing/python/custom/sub-index1.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub-index1.h - équivalent Python du fichier "plugins/apihashing/custom/sub-index1.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB_INDEX1_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB_INDEX1_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_sub_index1_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.SubIndex1Modifier'. */ +bool ensure_python_scan_sub_index1_modifier_is_registered(void); + +/* Tente de convertir en transformation en empreinte sub-index1. */ +int convert_to_scan_sub_index1_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB_INDEX1_H */ diff --git a/plugins/apihashing/python/custom/sub42.c b/plugins/apihashing/python/custom/sub42.c new file mode 100644 index 0000000..238496d --- /dev/null +++ b/plugins/apihashing/python/custom/sub42.c @@ -0,0 +1,212 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub42.c - équivalent Python du fichier "plugins/apihashing/custom/sub42.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "sub42.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../apihash.h" +#include "../../custom/sub42.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_sub42_modifier, G_TYPE_SCAN_SUB42_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_sub42_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_sub42_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_SUB42_MODIFIER_DOC \ + "The *Sub42Modifier* class produces the encrypted version of a" \ + " byte pattern where 0x42 is added to each byte.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Sub42Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_sub42_modifier_type(void) +{ + static PyMethodDef py_scan_sub42_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_sub42_modifier_getseters[] = { + + { NULL } + }; + + static PyTypeObject py_scan_sub42_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Sub42Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_SUB42_MODIFIER_DOC, + + .tp_methods = py_scan_sub42_modifier_methods, + .tp_getset = py_scan_sub42_modifier_getseters, + + .tp_init = py_scan_sub42_modifier_init, + .tp_new = py_scan_sub42_modifier_new, + + }; + + return &py_scan_sub42_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....Sub42Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_sub42_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Sub42Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_sub42_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_api_hash_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_SUB42_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation en empreinte sub42. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_sub42_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_sub42_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to sub42 modifier"); + break; + + case 1: + *((GScanSub42Modifier **)dst) = G_SCAN_SUB42_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/apihashing/python/custom/sub42.h b/plugins/apihashing/python/custom/sub42.h new file mode 100644 index 0000000..ce3660a --- /dev/null +++ b/plugins/apihashing/python/custom/sub42.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * sub42.h - équivalent Python du fichier "plugins/apihashing/custom/sub42.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB42_H +#define _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB42_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_sub42_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Sub42Modifier'. */ +bool ensure_python_scan_sub42_modifier_is_registered(void); + +/* Tente de convertir en transformation en empreinte sub42. */ +int convert_to_scan_sub42_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_CUSTOM_SUB42_H */ diff --git a/plugins/apihashing/python/module.c b/plugins/apihashing/python/module.c new file mode 100644 index 0000000..588a0d8 --- /dev/null +++ b/plugins/apihashing/python/module.c @@ -0,0 +1,87 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire apihashing en tant que module + * + * Copyright (C) 2020 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "apihash.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Ajoute le module 'plugins.apihashing' au module Python. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_apihashing_module_to_python_module(void) +{ + bool result; /* Bilan à retourner */ + PyObject *super; /* Module à compléter */ + PyObject *module; /* Sous-module mis en place */ + +#define PYCHRYSALIDE_PLUGINS_APIHASHING_DOC \ + "apihashing is a module providing a few implementations" \ + " of algorithms used to resolve API functions by hash." + + static PyModuleDef py_chrysalide_apihashing_module = { + + .m_base = PyModuleDef_HEAD_INIT, + + .m_name = "pychrysalide.plugins.apihashing", + .m_doc = PYCHRYSALIDE_PLUGINS_APIHASHING_DOC, + + .m_size = -1, + + }; + + result = false; + + super = get_access_to_python_module("pychrysalide.plugins"); + + module = build_python_module(super, &py_chrysalide_apihashing_module); + + result = (module != NULL); + + if (result) result = ensure_python_api_hash_modifier_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/apihashing/python/module.h b/plugins/apihashing/python/module.h new file mode 100644 index 0000000..fe628b9 --- /dev/null +++ b/plugins/apihashing/python/module.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire apihashing en tant que module + * + * Copyright (C) 2020 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_APIHASHING_PYTHON_MODULE_H +#define _PLUGINS_APIHASHING_PYTHON_MODULE_H + + +#include <stdbool.h> + + + +/* Ajoute le module 'plugins.apihashing' au module Python. */ +bool add_apihashing_module_to_python_module(void); + + + +#endif /* _PLUGINS_APIHASHING_PYTHON_MODULE_H */ diff --git a/plugins/dalvik/context.c b/plugins/dalvik/context.c index b08678c..9cf878b 100644 --- a/plugins/dalvik/context.c +++ b/plugins/dalvik/context.c @@ -373,7 +373,7 @@ bool g_dalvik_context_register_array_data_padding(GDalvikContext *ctx, const vmp * * ******************************************************************************/ -GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *ctx, GBinContent *content, vmpa2t *pos) { GArchInstruction *result; /* Instruction à retourner */ raw_data_area *found; /* Zone de couverture trouvée */ @@ -390,7 +390,7 @@ GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *ctx, const GBinC if (found) { - restricted = g_restricted_content_new_ro(content, &found->range); + restricted = g_restricted_content_new(content, &found->range); length = get_mrange_length(&found->range); count = length / found->item_len; diff --git a/plugins/dalvik/context.h b/plugins/dalvik/context.h index bfa2757..f09cfa6 100644 --- a/plugins/dalvik/context.h +++ b/plugins/dalvik/context.h @@ -67,7 +67,7 @@ bool g_dalvik_context_register_array_data(GDalvikContext *, const vmpa2t *, uint bool g_dalvik_context_register_array_data_padding(GDalvikContext *, const vmpa2t *); /* Place une donnée en tant qu'instruction si besoin est. */ -GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *, const GBinContent *, vmpa2t *); +GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *, GBinContent *, vmpa2t *); diff --git a/plugins/encodings/Makefile.am b/plugins/encodings/Makefile.am new file mode 100644 index 0000000..6dd71fb --- /dev/null +++ b/plugins/encodings/Makefile.am @@ -0,0 +1,64 @@ + +lib_LTLIBRARIES = libencodings.la + +libdir = $(pluginslibdir) + + +if BUILD_PYTHON_PACKAGE + +RUN_PATH = -Wl,-rpath,'$$ORIGIN/../chrysalide-libs:$$ORIGIN' + +else + +RUN_PATH = -Wl,-rpath,'$$ORIGIN' + +endif + +if BUILD_PYTHON3_BINDINGS + +PYTHON3_LIBADD = python/libencodingspython.la + +if BUILD_DISCARD_LOCAL + +if BUILD_PYTHON_PACKAGE +PYTHON3_RUN_PATH = -Wl,-rpath,'$$ORIGIN/..' +else +PYTHON3_RUN_PATH = -Wl,-rpath,'$$ORIGIN' +endif + +else + +PYTHON3_RUN_PATH = -Wl,-rpath,$(abs_top_srcdir)/plugins/pychrysalide/.libs + +endif + +PYTHON3_LDFLAGS = $(PYTHON3_RUN_PATH) -L$(top_srcdir)/plugins/pychrysalide/.libs -l:pychrysalide.so + +PYTHON3_SUBDIRS = python + +endif + + +libencodings_la_SOURCES = \ + base64.h base64.c \ + core.h core.c + +libencodings_la_LIBADD = \ + $(PYTHON3_LIBADD) \ + rost/libencodingsrost.la + +libencodings_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +libencodings_la_LDFLAGS = \ + -avoid-version \ + -L$(top_srcdir)/src/.libs -lchrysacore \ + -L$(top_srcdir)/plugins/pe/.libs -lpe \ + $(RUN_PATH) $(PYTHON3_LDFLAGS) + + +devdir = $(includedir)/chrysalide/$(subdir) + +dev_HEADERS = $(libencodings_la_SOURCES:%c=) + + +SUBDIRS = $(PYTHON3_SUBDIRS) rost diff --git a/plugins/encodings/base64.c b/plugins/encodings/base64.c new file mode 100644 index 0000000..c749a87 --- /dev/null +++ b/plugins/encodings/base64.c @@ -0,0 +1,139 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.c - calculs d'encodages en base 64 + * + * Copyright (C) 2020 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "base64.h" + + + +/****************************************************************************** +* * +* Paramètres : input = données d'entrée à traiter. * +* output = données sortantes constituées. [OUT] * +* alphabet = alphabet d'encodage mis à disposition. * +* * +* Description : Procède à l'encodage d'un contenu en base 64. * +* * +* Retour : Bilan de l'opération : true en cas de réussite, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool _base64_encode(const sized_binary_t *input, sized_string_t *output, const sized_string_t *alphabet) +{ + bool result; /* Bilan à retourner */ + const bin_t *src; /* Tête de lecture #1 */ + const bin_t *alpha; /* Tête de lecture #2 */ + bin_t *iter; /* Tête d'écriture */ + size_t i; /* Boucle de parcours */ + + result = (alphabet->len == 64); + if (!result) goto exit; + + /* Création du réceptacle */ + + output->len = input->len * 4 / 3; + + if (output->len % 4 != 0) + output->len += (4 - output->len % 4); + + output->data = malloc((output->len + 1) * sizeof(bin_t)); + + /* Encodage du corps du message */ + + src = input->static_bin_data; + alpha = alphabet->static_bin_data; + + iter = output->bin_data; + + if (input->len > 2) + for (i = 0; i < (input->len - 2); i += 3) + { + *iter++ = alpha[(src[i] >> 2) & 0x3f]; + + *iter++ = alpha[((src[i] & 0x03) << 4) | ((src[i + 1] & 0xf0) >> 4)]; + + *iter++ = alpha[((src[i + 1] & 0x0f) << 2) | ((src[i + 2] & 0xc0) >> 6)]; + + *iter++ = alpha[src[i + 2] & 0x3f]; + + } + else + i = 0; + + /* Bourrage final ? */ + + if (i < input->len) + { + *iter++ = alpha[(src[i] >> 2) & 0x3f]; + + if (i == (input->len - 1)) + { + *iter++ = alpha[((src[i] & 0x03) << 4)]; + *iter++ = '='; + } + else + { + *iter++ = alpha[((src[i] & 0x03) << 4) | ((src[i + 1] & 0xf0) >> 4)]; + *iter++ = alpha[((src[i + 1] & 0x0f) << 2)]; + } + + *iter++ = '='; + } + + *iter = 0x00; + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : input = données d'entrée à traiter. * +* output = données sortantes constituées. [OUT] * +* * +* Description : Procède à l'encodage par défaut d'un contenu en base 64. * +* * +* Retour : Bilan de l'opération : true en cas de réussite, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool base64_encode(const sized_binary_t *input, sized_string_t *output) +{ + bool result; /* Bilan à retourner */ + + const sized_string_t alphabet = { + .static_data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", + .len = 64 + }; + + result = _base64_encode(input, output, &alphabet); + + return result; + +} diff --git a/plugins/encodings/base64.h b/plugins/encodings/base64.h new file mode 100644 index 0000000..64ddccd --- /dev/null +++ b/plugins/encodings/base64.h @@ -0,0 +1,43 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.h - prototypes pour les calculs d'encodages en base 64 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_ENCODINGS_BASE64_H +#define _PLUGINS_ENCODINGS_BASE64_H + + +#include <stdbool.h> + + +#include <common/szstr.h> + + + +/* Procède à l'encodage d'un contenu en base 64. */ +bool _base64_encode(const sized_binary_t *, sized_string_t *, const sized_string_t *); + +/* Procède à l'encodage par défaut d'un contenu en base 64. */ +bool base64_encode(const sized_binary_t *, sized_string_t *); + + + +#endif /* _PLUGINS_ENCODINGS_BASE64_H */ diff --git a/plugins/encodings/core.c b/plugins/encodings/core.c new file mode 100644 index 0000000..2ece208 --- /dev/null +++ b/plugins/encodings/core.c @@ -0,0 +1,89 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.c - prototypes pour le calcul d'encodages + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "core.h" + + +#include <analysis/scan/core.h> +#include <plugins/self.h> + + +#ifdef INCLUDE_PYTHON3_BINDINGS +# include "python/module.h" +# include "python/rost/module.h" +#endif +#include "rost/base64.h" + + +#ifdef INCLUDE_PYTHON3_BINDINGS_ +# define PG_REQ RL("PyChrysalide") +#else +# define PG_REQ NO_REQ +#endif + + + +DEFINE_CHRYSALIDE_PLUGIN("Encodings", "Special encoding methods for binaries", + PACKAGE_VERSION, CHRYSALIDE_WEBSITE("doc/formats"), + PG_REQ, AL(PGA_PLUGIN_INIT)); + + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* * +* Description : Prend acte du chargement du greffon. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) +{ + bool result; /* Bilan à retourner */ + GScanTokenModifier *modifier; /* Modificateur à enregistrer */ + + modifier = g_scan_base64_modifier_new(); + + result = register_scan_token_modifier(modifier); + + g_object_unref(G_OBJECT(modifier)); + + if (!result) goto exit; + +#ifdef INCLUDE_PYTHON3_BINDINGS + + result = add_encodings_module_to_python_module(); + + if (result) + result = register_encodings_rost_modifiers(); +#endif + + exit: + + return result; + +} diff --git a/plugins/encodings/core.h b/plugins/encodings/core.h new file mode 100644 index 0000000..75a6e73 --- /dev/null +++ b/plugins/encodings/core.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.h - prototypes pour le calcul d'encodages + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_ENCODINGS_CORE_H +#define _PLUGINS_ENCODINGS_CORE_H + + +#include <plugins/plugin.h> +#include <plugins/plugin-int.h> + + + +/* Prend acte du chargement du greffon. */ +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *); + + + +#endif /* _PLUGINS_ENCODINGS_CORE_H */ diff --git a/plugins/encodings/python/Makefile.am b/plugins/encodings/python/Makefile.am new file mode 100644 index 0000000..523a6f4 --- /dev/null +++ b/plugins/encodings/python/Makefile.am @@ -0,0 +1,21 @@ + +noinst_LTLIBRARIES = libencodingspython.la + +libencodingspython_la_SOURCES = \ + base64.h base64.c \ + module.h module.c + +libencodingspython_la_LIBADD = \ + rost/libencodingspythonrost.la + +libencodingspython_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) \ + $(LIBPYTHON_INTERPRETER_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide/$(subdir) + +dev_HEADERS = $(libencodingspython_la_SOURCES:%c=) + + +SUBDIRS = rost diff --git a/plugins/encodings/python/base64.c b/plugins/encodings/python/base64.c new file mode 100644 index 0000000..3bc84a2 --- /dev/null +++ b/plugins/encodings/python/base64.c @@ -0,0 +1,139 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.c - équivalent Python du fichier "plugins/encodings/base64.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "base64.h" + + +#include <pygobject.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "../base64.h" + + + +/* Procède à l'encodage d'un contenu en base 64. */ +static PyObject *py_encodings_base64_encode(PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* args = paramètre à récupérer pour le traitement. * +* * +* Description : Procède à l'encodage d'un contenu en base 64. * +* * +* Retour : None ou données sortantes constituées. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_encodings_base64_encode(PyObject *self, PyObject *args) +{ + PyObject *result; /* Valeur à retourner */ + sized_string_t alphabet; /* Alphabet de traitement ? */ + Py_ssize_t alen; /* Taille de cet alphabet */ + sized_binary_t input; /* Données à traiter */ + Py_ssize_t ilen; /* Quantité de ces données */ + int ret; /* Bilan de lecture des args. */ + sized_string_t output; /* Données encodées à exporter */ + bool status; /* Bilan de l'opération */ + +#define ENCODINGS_BASE64_ENCODE_METHOD PYTHON_METHOD_DEF \ +( \ + base64_encode, "input, /, alphabet=None", \ + METH_VARARGS, py_encodings, \ + "Encode a given content using Base64.\n" \ + "\n" \ + "The *input* argument has to be provided as bytes. The optional" \ + " *alphabet* is expected to be a 64-byte array if defined.\n" \ + "\n" \ + "The returned value is bytes or *None* in case of error." \ +) + + result = NULL; + + alphabet.data = NULL; + alen = 0; + + ret = PyArg_ParseTuple(args, "s#|s#", &input.static_data, &ilen, &alphabet.static_data, &alen); + if (!ret) goto exit; + + alphabet.len = alen; + input.len = ilen; + + if (alphabet.len > 0) + status = _base64_encode(&input, &output, &alphabet); + else + status = base64_encode(&input, &output); + + if (status) + { + result = PyBytes_FromStringAndSize(output.data, output.len); + exit_szstr(&output); + } + else + { + result = Py_None; + Py_INCREF(result); + } + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : super = module dont la définition est à compléter. * +* * +* Description : Définit une extension du module 'encodings' à compléter. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool populate_encodings_module_with_base64(PyObject *super) +{ + bool result; /* Bilan à retourner */ + + static PyMethodDef py_base64_methods[] = { + ENCODINGS_BASE64_ENCODE_METHOD, + { NULL } + }; + + result = register_python_module_methods(super, py_base64_methods); + + return result; + +} diff --git a/plugins/encodings/python/base64.h b/plugins/encodings/python/base64.h new file mode 100644 index 0000000..1e08cf6 --- /dev/null +++ b/plugins/encodings/python/base64.h @@ -0,0 +1,39 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.h - équivalent Python du fichier "plugins/encodings/base64.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_ENCODINGS_PYTHON_BASE64_H +#define _PLUGINS_ENCODINGS_PYTHON_BASE64_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Définit une extension du module 'encodings' à compléter. */ +bool populate_encodings_module_with_base64(PyObject *); + + + +#endif /* _PLUGINS_ENCODINGS_PYTHON_BASE64_H */ diff --git a/plugins/encodings/python/module.c b/plugins/encodings/python/module.c new file mode 100644 index 0000000..454159b --- /dev/null +++ b/plugins/encodings/python/module.c @@ -0,0 +1,87 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire encodings en tant que module + * + * Copyright (C) 2020 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "base64.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Ajoute le module 'plugins.encodings' au module Python. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_encodings_module_to_python_module(void) +{ + bool result; /* Bilan à retourner */ + PyObject *super; /* Module à compléter */ + PyObject *module; /* Sous-module mis en place */ + +#define PYCHRYSALIDE_PLUGINS_ENCODINGS_DOC \ + "encodings is a module providing a few implementations" \ + " of algorithms used to encode data." + + static PyModuleDef py_chrysalide_encodings_module = { + + .m_base = PyModuleDef_HEAD_INIT, + + .m_name = "pychrysalide.plugins.encodings", + .m_doc = PYCHRYSALIDE_PLUGINS_ENCODINGS_DOC, + + .m_size = -1, + + }; + + result = false; + + super = get_access_to_python_module("pychrysalide.plugins"); + + module = build_python_module(super, &py_chrysalide_encodings_module); + + result = (module != NULL); + + if (result) result = populate_encodings_module_with_base64(module); + + assert(result); + + return result; + +} diff --git a/plugins/encodings/python/module.h b/plugins/encodings/python/module.h new file mode 100644 index 0000000..e7dd812 --- /dev/null +++ b/plugins/encodings/python/module.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire encodings en tant que module + * + * Copyright (C) 2020 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_ENCODINGS_PYTHON_MODULE_H +#define _PLUGINS_ENCODINGS_PYTHON_MODULE_H + + +#include <stdbool.h> + + + +/* Ajoute le module 'plugins.encodings' au module Python. */ +bool add_encodings_module_to_python_module(void); + + + +#endif /* _PLUGINS_ENCODINGS_PYTHON_MODULE_H */ diff --git a/plugins/encodings/python/rost/Makefile.am b/plugins/encodings/python/rost/Makefile.am new file mode 100644 index 0000000..531fb26 --- /dev/null +++ b/plugins/encodings/python/rost/Makefile.am @@ -0,0 +1,15 @@ + +noinst_LTLIBRARIES = libencodingspythonrost.la + +libencodingspythonrost_la_SOURCES = \ + base64.h base64.c \ + module.h module.c + +libencodingspythonrost_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) \ + $(LIBPYTHON_INTERPRETER_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libencodingspythonrost_la_SOURCES:%c=) diff --git a/plugins/encodings/python/rost/base64.c b/plugins/encodings/python/rost/base64.c new file mode 100644 index 0000000..57bba76 --- /dev/null +++ b/plugins/encodings/python/rost/base64.c @@ -0,0 +1,211 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.c - équivalent Python du fichier "plugins/encodings/rost/base64.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "base64.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> +#include <plugins/pychrysalide/analysis/scan/patterns/modifier.h> + + +#include "../../rost/base64.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_base64_modifier, G_TYPE_SCAN_BASE64_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_base64_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_base64_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_BASE64_MODIFIER_DOC \ + "The *Base64Modifier* class transforms a byte pattern into its" \ + " base64 encoded form.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " Base64Modifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_base64_modifier_type(void) +{ + static PyMethodDef py_scan_base64_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_base64_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_base64_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.Base64Modifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_BASE64_MODIFIER_DOC, + + .tp_methods = py_scan_base64_modifier_methods, + .tp_getset = py_scan_base64_modifier_getseters, + + .tp_init = py_scan_base64_modifier_init, + .tp_new = py_scan_base64_modifier_new, + + }; + + return &py_scan_base64_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....Base64Modifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_base64_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python Base64Modifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_base64_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_scan_token_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_BASE64_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation par encodage en Base64. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_base64_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_base64_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to Base64 modifier"); + break; + + case 1: + *((GScanBase64Modifier **)dst) = G_SCAN_BASE64_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/encodings/python/rost/base64.h b/plugins/encodings/python/rost/base64.h new file mode 100644 index 0000000..0ef0834 --- /dev/null +++ b/plugins/encodings/python/rost/base64.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.h - équivalent Python du fichier "plugins/encodings/rost/base64.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H +#define _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_base64_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.Base64Modifier'. */ +bool ensure_python_scan_base64_modifier_is_registered(void); + +/* Tente de convertir en transformation par encodage en Base64. */ +int convert_to_scan_base64_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_ENCODINGS_PYTHON_ROST_BASE64_H */ diff --git a/plugins/encodings/python/rost/module.c b/plugins/encodings/python/rost/module.c new file mode 100644 index 0000000..4812bb5 --- /dev/null +++ b/plugins/encodings/python/rost/module.c @@ -0,0 +1,64 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire rost en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "base64.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre les modificateurs pour ROST. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_encodings_rost_modifiers(void) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (result) result = ensure_python_scan_base64_modifier_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/encodings/python/rost/module.h b/plugins/encodings/python/rost/module.h new file mode 100644 index 0000000..ba021cb --- /dev/null +++ b/plugins/encodings/python/rost/module.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire rost en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_ENCODINGS_PYTHON_ROST_MODULE_H +#define _PLUGINS_ENCODINGS_PYTHON_ROST_MODULE_H + + +#include <stdbool.h> + + + +/* Intègre les modificateurs pour ROST. */ +bool register_encodings_rost_modifiers(void); + + + +#endif /* _PLUGINS_ENCODINGS_PYTHON_ROST_MODULE_H */ diff --git a/plugins/encodings/rost/Makefile.am b/plugins/encodings/rost/Makefile.am new file mode 100644 index 0000000..efca690 --- /dev/null +++ b/plugins/encodings/rost/Makefile.am @@ -0,0 +1,12 @@ + +noinst_LTLIBRARIES = libencodingsrost.la + +libencodingsrost_la_SOURCES = \ + base64.h base64.c + +libencodingsrost_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libencodingsrost_la_SOURCES:%c=) diff --git a/plugins/encodings/rost/base64.c b/plugins/encodings/rost/base64.c new file mode 100644 index 0000000..adbb2fb --- /dev/null +++ b/plugins/encodings/rost/base64.c @@ -0,0 +1,555 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.c - transormation en encodage Base64 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "base64.h" + + +#include <assert.h> +#include <malloc.h> +#include <stdint.h> +#include <string.h> + + +#include <analysis/scan/patterns/modifier-int.h> + + +#include "../base64.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en encodage Base64. */ +static void g_scan_base64_modifier_class_init(GScanBase64ModifierClass *klass); + +/* Initialise une instance de transmission en encodage Base64. */ +static void g_scan_base64_modifier_init(GScanBase64Modifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_base64_modifier_dispose(GScanBase64Modifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_base64_modifier_finalize(GScanBase64Modifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_base64_modifier_get_name(const GScanBase64Modifier *); + +/* Finalise l'encoddage en Base64 d'un motif transformé. */ +static void strip_base64_modifier_output(const sized_binary_t *, const sized_binary_t *, size_t, sized_binary_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Détermine si un argument est bien toléré par un modificateur. */ +static bool g_scan_base64_modifier_can_handle_arg(const GScanBase64Modifier *, const modifier_arg_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_base64_modifier_transform_with_arg(const GScanBase64Modifier *, const sized_binary_t *, size_t, const modifier_arg_t *, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_base64_modifier_get_path(const GScanBase64Modifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation en encodage Base64. */ +G_DEFINE_TYPE(GScanBase64Modifier, g_scan_base64_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en encodage Base64. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_base64_modifier_class_init(GScanBase64ModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_base64_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_base64_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_base64_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_base64_modifier_transform; + modifier->can_handle = (can_token_modifier_handle_arg)g_scan_base64_modifier_can_handle_arg; + modifier->transform_with = (transform_scan_token_with_fc)g_scan_base64_modifier_transform_with_arg; + modifier->get_path = (get_modifier_path)g_scan_base64_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en encodage Base64. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_base64_modifier_init(GScanBase64Modifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_base64_modifier_dispose(GScanBase64Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_base64_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_base64_modifier_finalize(GScanBase64Modifier *modifier) +{ + G_OBJECT_CLASS(g_scan_base64_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des encodages en Base64. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_base64_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_BASE64_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_base64_modifier_get_name(const GScanBase64Modifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("base64"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : input = contenu brut d'origine. * +* tmpput = encodage en Base64 intermédiaire obtenu. * +* skip = nombre de caractères initiaux à sauter. * +* output = encodage en Base64 final à conserver. * +* * +* Description : Finalise l'encoddage en Base64 d'un motif transformé. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void strip_base64_modifier_output(const sized_binary_t *input, const sized_binary_t *tmpput, size_t skip, sized_binary_t *output) +{ + size_t keep; /* Nombre d'octets immuables */ + + keep = (input->len * 8) / 6; + + assert(keep >= skip); + + if (skip > 0) + skip++; + + keep -= skip; + + output->len = keep; + output->bin_data = malloc(keep * sizeof(bin_t)); + + memcpy(output->bin_data, tmpput->static_bin_data + skip, keep); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + sized_binary_t tmp_in; /* Manipulation des variations */ + sized_binary_t tmp_out; /* Manipulation des variations */ + + result = true; + + *dcount = scount * 3; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount && result; i++) + { + _src = src + i; + + tmp_in.data = malloc((_src->len + 2) * sizeof(bin_t)); + + /** + * Explications sur la définition des modifications sur les + * encodages produits : https://www.leeholmes.com/searching-for-content-in-base-64-strings/ + */ + + /* Encodage premier */ + + result = base64_encode(_src, &tmp_out); + if (!result) goto exit; + + strip_base64_modifier_output(_src, &tmp_out, 0, binary++); + + exit_szstr(&tmp_out); + + /* Variante 1 */ + + tmp_in.data[0] = ' '; + memcpy(&tmp_in.data[1], _src->static_bin_data, _src->len); + + tmp_in.len = _src->len + 1; + + result = base64_encode(&tmp_in, &tmp_out); + if (!result) goto exit; + + strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary); + + /** + * Lors qu'un unique octet est encodé, cet octet ne produit aucun + * caractère que ne dépend que de lui : + * + * | X | + * 1 2 3 4 5 6 | 7 8 1 2 3 4 | 5 6 7 8 1 2 | 3 4 5 6 7 8 + * + * Les compteurs sont alors diminués. + */ + + if (binary->len == 0) + (*dcount)--; + else + binary++; + + exit_szstr(&tmp_out); + + /* Variante 2 */ + + tmp_in.data[0] = ' '; + tmp_in.data[2] = ' '; + memcpy(&tmp_in.data[2], _src->static_bin_data, _src->len); + + tmp_in.len = _src->len + 2; + + result = base64_encode(&tmp_in, &tmp_out); + if (!result) goto exit; + + strip_base64_modifier_output(&tmp_in, &tmp_out, 2, binary++); + + exit_szstr(&tmp_out); + + exit: + + exit_szstr(&tmp_in); + + } + + if (!result) + { + for (i = 0; i < *dcount; i++) + exit_szstr(&(*dest)[i]); + + free(*dest); + + *dcount = 0; + *dest = NULL; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* arg = argument de personnalisation. * +* * +* Description : Détermine si un argument est bien toléré par un modificateur.* +* * +* Retour : Bilan de la consultation : support ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_base64_modifier_can_handle_arg(const GScanBase64Modifier *modifier, const modifier_arg_t *arg) +{ + bool result; /* Bilan d'opération à renvoyer*/ + + switch (arg->type) + { + case MAT_STRING: + result = (arg->value.string.len == 64); + break; + + default: + result = false; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* arg = argument de personnalisation. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_base64_modifier_transform_with_arg(const GScanBase64Modifier *modifier, const sized_binary_t *src, size_t scount, const modifier_arg_t *arg, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + sized_binary_t tmp_in; /* Manipulation des variations */ + sized_binary_t tmp_out; /* Manipulation des variations */ + + result = (arg->type == MAT_STRING); + if (!result) goto bad_arg; + + *dcount = scount * 3; + *dest = calloc(*dcount, sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount && result; i++) + { + _src = src + i; + + tmp_in.data = malloc((_src->len + 2) * sizeof(bin_t)); + + /** + * Explications sur la définition des modifications sur les + * encodages produits : https://www.leeholmes.com/searching-for-content-in-base-64-strings/ + */ + + /* Encodage premier */ + + result = _base64_encode(_src, &tmp_out, &arg->value.string); + if (!result) goto exit; + + strip_base64_modifier_output(_src, &tmp_out, 0, binary++); + + exit_szstr(&tmp_out); + + /* Variante 1 */ + + tmp_in.data[0] = ' '; + memcpy(&tmp_in.data[1], _src->static_bin_data, _src->len); + + tmp_in.len = _src->len + 1; + + result = _base64_encode(&tmp_in, &tmp_out, &arg->value.string); + if (!result) goto exit; + + strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++); + + exit_szstr(&tmp_out); + + /* Variante 2 */ + + tmp_in.data[0] = ' '; + tmp_in.data[2] = ' '; + memcpy(&tmp_in.data[2], _src->static_bin_data, _src->len); + + tmp_in.len = _src->len + 2; + + result = _base64_encode(&tmp_in, &tmp_out, &arg->value.string); + if (!result) goto exit; + + strip_base64_modifier_output(&tmp_in, &tmp_out, 2, binary++); + + exit_szstr(&tmp_out); + + exit: + + exit_szstr(&tmp_in); + + } + + if (!result) + { + for (i = 0; i < *dcount; i++) + exit_szstr(&(*dest)[i]); + + free(*dest); + + *dcount = 0; + *dest = NULL; + + } + + bad_arg: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_base64_modifier_get_path(const GScanBase64Modifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 3) + { + result = NULL; + (*index) -= 3; + } + + else + result = strdup("base64"); + + return result; + +} diff --git a/plugins/encodings/rost/base64.h b/plugins/encodings/rost/base64.h new file mode 100644 index 0000000..646b945 --- /dev/null +++ b/plugins/encodings/rost/base64.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * base64.h - prototypes pour la transormation en encodage Base64 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_ENCODINGS_ROST_BASE64_H +#define _PLUGINS_ENCODINGS_ROST_BASE64_H + + +#include <glib-object.h> + + +#include <analysis/scan/patterns/modifier.h> + + + +#define G_TYPE_SCAN_BASE64_MODIFIER g_scan_base64_modifier_get_type() +#define G_SCAN_BASE64_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_BASE64_MODIFIER, GScanBase64Modifier)) +#define G_IS_SCAN_BASE64_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_BASE64_MODIFIER)) +#define G_SCAN_BASE64_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_BASE64_MODIFIER, GScanBase64ModifierClass)) +#define G_IS_SCAN_BASE64_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_BASE64_MODIFIER)) +#define G_SCAN_BASE64_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_BASE64_MODIFIER, GScanBase64ModifierClass)) + + +/* Transormation en encodage Base64 (instance) */ +typedef GScanTokenModifier GScanBase64Modifier; + +/* Transormation en encodage Base64 (classe) */ +typedef GScanTokenModifierClass GScanBase64ModifierClass; + + +/* Indique le type défini pour une transormation en encodage Base64. */ +GType g_scan_base64_modifier_get_type(void); + +/* Construit un modificateur livrant des encodages en Base64. */ +GScanTokenModifier *g_scan_base64_modifier_new(void); + + + +#endif /* _PLUGINS_ENCODINGS_ROST_BASE64_H */ diff --git a/plugins/kaitai/Makefile.am b/plugins/kaitai/Makefile.am index cbc0f25..9a4e112 100644 --- a/plugins/kaitai/Makefile.am +++ b/plugins/kaitai/Makefile.am @@ -54,6 +54,7 @@ libkaitai_la_SOURCES = \ array.h array.c \ core.h core.c \ expression.h \ + import.h import.c \ parser-int.h \ parser.h parser.c \ record-int.h \ @@ -67,6 +68,7 @@ libkaitai_la_SOURCES = \ libkaitai_la_LIBADD = \ parsers/libkaitaiparsers.la \ records/libkaitairecords.la \ + rost/libkaitairost.la \ $(PYTHON3_LIBADD) libkaitai_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src @@ -88,5 +90,4 @@ CLEANFILES = grammar.h grammar.c grammar.output tokens.c tokens.h EXTRA_DIST = tokens.h -# misc -SUBDIRS = parsers records $(PYTHON3_SUBDIRS) +SUBDIRS = parsers records rost $(PYTHON3_SUBDIRS) diff --git a/plugins/kaitai/core.c b/plugins/kaitai/core.c index 7483fbc..c41d96d 100644 --- a/plugins/kaitai/core.c +++ b/plugins/kaitai/core.c @@ -30,6 +30,8 @@ #ifdef INCLUDE_PYTHON3_BINDINGS # include "python/module.h" #endif +#include "rost/core.h" + #ifdef INCLUDE_PYTHON3_BINDINGS @@ -62,7 +64,7 @@ G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) { bool result; /* Bilan à retourner */ - result = true; + result = add_kaitai_support_to_rost(); #ifdef INCLUDE_PYTHON3_BINDINGS diff --git a/plugins/kaitai/grammar.y b/plugins/kaitai/grammar.y index 9e31113..9745dc8 100644 --- a/plugins/kaitai/grammar.y +++ b/plugins/kaitai/grammar.y @@ -31,9 +31,10 @@ typedef void *yyscan_t; #include "expression.h" #include "record.h" +#include "records/bits.h" +#include "records/delayed.h" #include "records/item.h" #include "records/list.h" -#include "records/value.h" } @@ -580,7 +581,9 @@ YY_DECL; %token ROOT "_root" %token PARENT "_parent" %token LAST "_" +%token IO "_io" %token METH_IO "._io" +%token IO_EOF ".eof" %token TRUE_CONST "true" %token FALSE_CONST "false" @@ -622,6 +625,7 @@ YY_DECL; %type <value> field %type <value> enumeration %type <value> stream +%type <value> stream_meths @@ -714,6 +718,7 @@ YY_DECL; | field { $$ = $1; } | enumeration { $$ = $1; } | stream { $$ = $1; } + | stream_meths { $$ = $1; } | arithmetic_expr { $$ = $1; } | relational_expr { $$ = $1; } | logical_expr { $$ = $1; } @@ -1487,7 +1492,35 @@ YY_DECL; } - stream : any_expr "._io" + stream : "_io" + { + GBinContent *__content; + mrange_t __range; + vmpa2t __next; + + if (locals->last == NULL) + { + __content = g_match_record_get_content(locals->root); + + g_binary_content_compute_start_pos(__content, &__next); + + } + else + { + __content = g_match_record_get_content(locals->last); + + g_match_record_get_range(locals->last, &__range); + compute_mrange_end_addr(&__range, &__next); + + } + + $$.stream = g_kaitai_stream_new(__content, &__next); + $$.type = GVT_STREAM; + + g_object_unref(G_OBJECT(__content)); + + } + | any_expr "._io" { GBinContent *__content; mrange_t __range; @@ -1508,6 +1541,15 @@ YY_DECL; } ; + stream_meths : stream ".eof" + { + $$.status = g_kaitai_stream_has_reached_eof($1.stream);; + $$.type = GVT_BOOLEAN; + + EXIT_RESOLVED_VALUE($1); + + } + ; %% @@ -1656,8 +1698,11 @@ static bool reduce_resolved_kaitai_expression(resolved_value_t *in_out) while (result && in_out->type == GVT_RECORD) { - if (G_IS_RECORD_VALUE(in_out->record)) - result = g_record_value_compute_value(G_RECORD_VALUE(in_out->record), &deeper); + if (G_IS_RECORD_BIT_FIELD(in_out->record)) + result = g_record_bit_field_get_value(G_RECORD_BIT_FIELD(in_out->record), &deeper); + + else if (G_IS_RECORD_DELAYED(in_out->record)) + result = g_record_delayed_compute_value(G_RECORD_DELAYED(in_out->record), &deeper); else if (G_IS_RECORD_ITEM(in_out->record)) result = g_record_item_get_value(G_RECORD_ITEM(in_out->record), &deeper); @@ -1734,6 +1779,26 @@ bool resolve_kaitai_expression_as_boolean(const kaitai_scope_t *locals, const ch if (result) result = reduce_resolved_kaitai_expression(out); + if (result) + { + if (out->type == GVT_UNSIGNED_INTEGER) + { + out->status = (out->unsigned_integer != 0); + out->type = GVT_BOOLEAN; + } + else if (out->type == GVT_SIGNED_INTEGER) + { + out->status = (out->signed_integer != 0); + out->type = GVT_BOOLEAN; + } + else if (out->type == GVT_FLOAT) + { + out->status = (out->floating_number != 0); + out->type = GVT_BOOLEAN; + } + + } + if (result && out->type != GVT_BOOLEAN) { EXIT_RESOLVED_VALUE(*out); diff --git a/plugins/kaitai/import.c b/plugins/kaitai/import.c new file mode 100644 index 0000000..0412ff7 --- /dev/null +++ b/plugins/kaitai/import.c @@ -0,0 +1,300 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * import.c - localisation de fichiers de définitions externes + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "import.h" + + +#include <libgen.h> +#include <malloc.h> +#include <string.h> + + +#include <common/environment.h> +#include <core/logs.h> + + + +/* Charge un type Kaitai à partir d'une définition voisine. */ +static GKaitaiType *import_relative_kaitai_definition(const char *, const char *); + +/* Charge un type Kaitai depuis un emplacement de $KSPATH. */ +static GKaitaiType *import_kaitai_definition_from_env(const char *); + +/* Charge un interpréteur pour une définition voisine. */ +static GKaitaiStruct *load_relative_kaitai_definition(const char *, const char *); + +/* Charge un interpréteur depuis un emplacement de $KSPATH. */ +static GKaitaiStruct *load_kaitai_definition_from_env(const char *); + + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* reference = éventuel fichier pour les positions relatives. * +* * +* Description : Charge un type Kaitai à partir d'une définition voisine. * +* * +* Retour : Type valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GKaitaiType *import_relative_kaitai_definition(const char *target, const char *reference) +{ + GKaitaiType *result; /* Structure chargée à renvoyer*/ + char *tmp; /* Zone de travail temporaire */ + char *base; /* Base de recherche */ + char *filename; /* Nom de fichier à tester */ + int ret; /* Bilan d'une construction */ + + result = NULL; + + tmp = strdup(reference); + base = dirname(tmp); + + ret = asprintf(&filename, "%s%c%s.ksy", base, G_DIR_SEPARATOR, target); + if (ret == -1) goto build_error; + + result = g_kaitai_type_new_as_import(target, filename); + + free(filename); + + build_error: + + free(tmp); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* * +* Description : Charge un type Kaitai depuis un emplacement de $KSPATH. * +* * +* Retour : Type valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GKaitaiType *import_kaitai_definition_from_env(const char *target) +{ + GKaitaiType *result; /* Structure chargée à renvoyer*/ + char *paths; /* Emplacements de greffons */ + char *save; /* Sauvegarde pour ré-entrance */ + char *path; /* Chemin à fouiller */ + char *filename; /* Nom de fichier à tester */ + int ret; /* Bilan d'une construction */ + + result = NULL; + + paths = get_env_var("KSPATH"); + + save = NULL; /* gcc... */ + + for (path = strtok_r(paths, ":", &save); + path != NULL; + path = strtok_r(NULL, ":", &save)) + { + ret = asprintf(&filename, "%s%c%s.ksy", path, G_DIR_SEPARATOR, target); + if (ret == -1) + { + LOG_ERROR_N("asprintf"); + continue; + } + + result = g_kaitai_type_new_as_import(target, filename); + + if (result != NULL) + log_variadic_message(LMT_PROCESS, _("Found a required Kaitai definition to import: %s"), filename); + + free(filename); + + } + + free(paths); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* reference = éventuel fichier pour les positions relatives. * +* * +* Description : Met en place un type Kaitai pour une définition désignée. * +* * +* Retour : Type valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GKaitaiType *import_kaitai_definition(const char *target, const char *reference) +{ + GKaitaiType *result; /* Structure chargée à renvoyer*/ + + result = NULL; + + if (reference != NULL) + result = import_relative_kaitai_definition(target, reference); + + if (result == NULL) + result = import_kaitai_definition_from_env(target); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* reference = éventuel fichier pour les positions relatives. * +* * +* Description : Charge un interpréteur pour une définition voisine. * +* * +* Retour : Interprétateur valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GKaitaiStruct *load_relative_kaitai_definition(const char *target, const char *reference) +{ + GKaitaiStruct *result; /* Structure chargée à renvoyer*/ + char *tmp; /* Zone de travail temporaire */ + char *base; /* Base de recherche */ + char *filename; /* Nom de fichier à tester */ + int ret; /* Bilan d'une construction */ + + result = NULL; + + tmp = strdup(reference); + base = dirname(tmp); + + ret = asprintf(&filename, "%s%c%s.ksy", base, G_DIR_SEPARATOR, target); + if (ret == -1) goto build_error; + + result = g_kaitai_structure_new_from_file(filename); + + free(filename); + + build_error: + + free(tmp); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* * +* Description : Charge un interpréteur depuis un emplacement de $KSPATH. * +* * +* Retour : Interprétateur valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GKaitaiStruct *load_kaitai_definition_from_env(const char *target) +{ + GKaitaiStruct *result; /* Structure chargée à renvoyer*/ + char *paths; /* Emplacements de greffons */ + char *save; /* Sauvegarde pour ré-entrance */ + char *path; /* Chemin à fouiller */ + char *filename; /* Nom de fichier à tester */ + int ret; /* Bilan d'une construction */ + + result = NULL; + + paths = get_env_var("KSPATH"); + + save = NULL; /* gcc... */ + + for (path = strtok_r(paths, ":", &save); + path != NULL; + path = strtok_r(NULL, ":", &save)) + { + ret = asprintf(&filename, "%s%c%s.ksy", path, G_DIR_SEPARATOR, target); + if (ret == -1) + { + LOG_ERROR_N("asprintf"); + continue; + } + + result = g_kaitai_structure_new_from_file(filename); + + if (result != NULL) + log_variadic_message(LMT_PROCESS, _("Found a required Kaitai definition: %s"), filename); + + free(filename); + + } + + free(paths); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de la définition à retrouver. * +* reference = éventuel fichier pour les positions relatives. * +* * +* Description : Met en place un interpréteur pour une définition désignée. * +* * +* Retour : Interprétateur valide en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GKaitaiStruct *load_kaitai_definition(const char *target, const char *reference) +{ + GKaitaiStruct *result; /* Structure chargée à renvoyer*/ + + result = NULL; + + if (reference != NULL) + result = load_relative_kaitai_definition(target, reference); + + if (result == NULL) + result = load_kaitai_definition_from_env(target); + + return result; + +} diff --git a/plugins/kaitai/import.h b/plugins/kaitai/import.h new file mode 100644 index 0000000..66a0f5a --- /dev/null +++ b/plugins/kaitai/import.h @@ -0,0 +1,41 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * import.h - prototypes pour la localisation de fichiers de définitions externes + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_IMPORT_H +#define _PLUGINS_KAITAI_IMPORT_H + + +#include "parsers/struct.h" +#include "parsers/type.h" + + + +/* Met en place un type Kaitai pour une définition désignée. */ +GKaitaiType *import_kaitai_definition(const char *, const char *); + +/* Met en place un interpréteur pour une définition désignée. */ +GKaitaiStruct *load_kaitai_definition(const char *, const char *); + + + +#endif /* _PLUGINS_KAITAI_IMPORT_H */ diff --git a/plugins/kaitai/parser-int.h b/plugins/kaitai/parser-int.h index 4ddb0f9..8bac523 100644 --- a/plugins/kaitai/parser-int.h +++ b/plugins/kaitai/parser-int.h @@ -30,7 +30,7 @@ /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -typedef bool (* parse_kaitai_fc) (GKaitaiParser *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +typedef bool (* parse_kaitai_fc) (GKaitaiParser *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); diff --git a/plugins/kaitai/parser.c b/plugins/kaitai/parser.c index 77c15b3..cfe1aa1 100644 --- a/plugins/kaitai/parser.c +++ b/plugins/kaitai/parser.c @@ -24,6 +24,9 @@ #include "parser.h" +#include <assert.h> + + #include "parser-int.h" @@ -131,7 +134,7 @@ static void g_kaitai_parser_finalize(GKaitaiParser *parser) * Paramètres : parser = structure Kaitai en cours de parcours. * * locals = variables locales pour les résolutions de types. * * content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * +* epos = tête de lecture courante. [OUT] * * record = noeud d'arborescence d'éléments rencontrés. [OUT] * * * * Description : Parcourt un contenu binaire selon des spécifications Kaitai. * @@ -142,18 +145,22 @@ static void g_kaitai_parser_finalize(GKaitaiParser *parser) * * ******************************************************************************/ -bool g_kaitai_parser_parse_content(GKaitaiParser *parser, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) +bool g_kaitai_parser_parse_content(GKaitaiParser *parser, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) { bool result; /* Bilan à retourner */ GKaitaiParserClass *class; /* Classe de l'instance */ + *record = NULL; + class = G_KAITAI_PARSER_GET_CLASS(parser); - result = class->parse(parser, locals, content, pos, record); + result = class->parse(parser, locals, content, epos, record); - if (result) + if (result && *record != NULL) remember_last_record(locals, *record); + assert((!result && *record == NULL) || result); + return result; } diff --git a/plugins/kaitai/parser.h b/plugins/kaitai/parser.h index 4c17087..64d759d 100644 --- a/plugins/kaitai/parser.h +++ b/plugins/kaitai/parser.h @@ -56,7 +56,7 @@ typedef struct _GKaitaiParserClass GKaitaiParserClass; GType g_kaitai_parser_get_type(void); /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -bool g_kaitai_parser_parse_content(GKaitaiParser *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +bool g_kaitai_parser_parse_content(GKaitaiParser *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); diff --git a/plugins/kaitai/parsers/attribute-int.h b/plugins/kaitai/parsers/attribute-int.h index ef64089..7d37af3 100644 --- a/plugins/kaitai/parsers/attribute-int.h +++ b/plugins/kaitai/parsers/attribute-int.h @@ -51,6 +51,9 @@ struct _GKaitaiAttribute /* KAP_FIXED_CONTENT */ sized_string_t fixed_content; /* Données brutes attendues */ + /* KAP_BIT_FIELD_TYPE */ + uint8_t bf_size; /* Nombre de bits visés */ + /* KAP_BASIC_TYPE */ struct { diff --git a/plugins/kaitai/parsers/attribute.c b/plugins/kaitai/parsers/attribute.c index c61fe99..6050bb1 100644 --- a/plugins/kaitai/parsers/attribute.c +++ b/plugins/kaitai/parsers/attribute.c @@ -25,6 +25,7 @@ #include <assert.h> +#include <stdlib.h> #include <string.h> @@ -35,6 +36,7 @@ #include "attribute-int.h" #include "../expression.h" #include "../scope.h" +#include "../records/bits.h" #include "../records/empty.h" #include "../records/item.h" #include "../records/list.h" @@ -56,6 +58,9 @@ static void g_kaitai_attribute_dispose(GKaitaiAttribute *); /* Procède à la libération totale de la mémoire. */ static void g_kaitai_attribute_finalize(GKaitaiAttribute *); +/* Traduit en champ de bits une chaîne de caractères. */ +static bool g_kaitai_attribute_resolve_bit_field(GKaitaiAttribute *, const char *); + /* Traduit en type concret une chaîne de caractères. */ static bool g_kaitai_attribute_resolve_type(GKaitaiAttribute *, const char *); @@ -71,7 +76,7 @@ static GKaitaiAttribute *g_kaitai_attribute_dup_for(const GKaitaiAttribute *); /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); /* Extrait d'un contenu une série d'octets avec terminaison. */ static bool g_kaitai_attribute_parse_terminated_bytes(GKaitaiAttribute *, const kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); @@ -80,7 +85,7 @@ static bool g_kaitai_attribute_parse_terminated_bytes(GKaitaiAttribute *, const static bool g_kaitai_attribute_compute_maybe_terminated_range(const GKaitaiAttribute *, const kaitai_scope_t *, const GBinContent *, const vmpa2t *, phys_t *, mrange_t *); /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); @@ -243,7 +248,7 @@ GKaitaiAttribute *g_kaitai_attribute_new(GYamlNode *parent) result = g_object_new(G_TYPE_KAITAI_ATTRIBUTE, NULL); - if (!g_kaitai_attribute_create(result, parent, true)) + if (!g_kaitai_attribute_create(result, parent, false /* TODO : REMME ? */)) g_clear_object(&result); return result; @@ -399,7 +404,10 @@ bool g_kaitai_attribute_create(GKaitaiAttribute *attrib, GYamlNode *parent, bool if (value != NULL) { - if (g_kaitai_attribute_resolve_type(attrib, value)) + if (g_kaitai_attribute_resolve_bit_field(attrib, value)) + attrib->payload |= KAP_BIT_FIELD_TYPE; + + else if (g_kaitai_attribute_resolve_type(attrib, value)) attrib->payload |= KAP_BASIC_TYPE; else @@ -701,6 +709,54 @@ bool g_kaitai_attribute_create(GKaitaiAttribute *attrib, GYamlNode *parent, bool * Paramètres : attrib = attribut Kaitai en cours de constitution. * * desc = chaîne de caractère à interpréter en type. * * * +* Description : Traduit en champ de bits une chaîne de caractères. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_attribute_resolve_bit_field(GKaitaiAttribute *attrib, const char *desc) +{ + bool result; /* Bilan à retourner */ + size_t len; /* Taille de la chaîne à lire */ + char *end; /* Prochain caractère à lire */ + unsigned long size; /* Taille du champ de bits */ + + result = false; + + if (desc[0] == 'b') + { + len = strlen(desc); + + size = strtoul(&desc[1], &end, 10); + + if (size > 64) + { + printf("Unsupported size for bit field: %lu\n", size); + goto exit; + } + + result = ((desc + len) == end); + + if (result) + attrib->bf_size = size; + + } + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : attrib = attribut Kaitai en cours de constitution. * +* desc = chaîne de caractère à interpréter en type. * +* * * Description : Traduit en type concret une chaîne de caractères. * * * * Retour : Bilan de l'opération. * @@ -930,7 +986,7 @@ static bool g_kaitai_attribute_check(const GKaitaiAttribute *attrib) } /** - * Si une séquence d'octets finaux est spécifiées, alors l'attribut + * Si une séquence d'octets finaux est spécifiée, alors l'attribut * doit correspondre à un type str[z] (lecture) ou de taille fixée * (validation post-lecture). */ @@ -1018,7 +1074,8 @@ static GKaitaiAttribute *g_kaitai_attribute_dup_for(const GKaitaiAttribute *attr * Les travaux de copie ne portent ainsi que sur le présent attribut. */ - result->raw_id = strdup(attrib->raw_id); + if (attrib->raw_id != NULL) + result->raw_id = strdup(attrib->raw_id); if (attrib->orig_id != NULL) result->orig_id = strdup(attrib->orig_id); @@ -1428,6 +1485,50 @@ bool g_kaitai_attribute_read_value(const GKaitaiAttribute *attrib, const GBinCon } +/****************************************************************************** +* * +* Paramètres : attrib = lecteur d'attribut Kaitai à consulter. * +* content = contenu binaire à venir lire. * +* epos = tête de lecture avec granularité en bits. * +* size = quantité de bits à prendre en compte. * +* endian = boustime des données à respecter. * +* out = valeur à sauvegarder sous une forme générique.[OUT]* +* * +* Description : Lit la valeur d'un champ de bits Kaitai représenté. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_kaitai_attribute_read_bit_field_value(const GKaitaiAttribute *attrib, const GBinContent *content, const ext_vmpa_t *epos, uint8_t size, SourceEndian endian, resolved_value_t *out) +{ + bool result; /* Bilan à retourner */ + ext_vmpa_t tmpepos; /* Localisation modifiable */ + uint64_t tmp64; /* Valeur de 64 bits lue */ + + result = false; + + if (attrib->payload & KAP_BIT_FIELD_TYPE) + { + copy_evmpa(&tmpepos, epos); + + result = g_binary_content_read_bits(content, &tmpepos, size, endian, &tmp64); + + if (result) + { + out->type = GVT_UNSIGNED_INTEGER; + out->unsigned_integer = tmp64; + } + + } + + return result; + +} + + /* ---------------------------------------------------------------------------------- */ /* IMPLEMENTATION DES FONCTIONS DE CLASSE */ @@ -1439,7 +1540,7 @@ bool g_kaitai_attribute_read_value(const GKaitaiAttribute *attrib, const GBinCon * Paramètres : attrib = structure Kaitai en cours de parcours. * * locals = variables locales pour les résolutions de types. * * content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * +* epos = tête de lecture courante. [OUT] * * record = noeud d'arborescence d'éléments rencontrés. [OUT] * * * * Description : Parcourt un contenu binaire selon des spécifications Kaitai. * @@ -1450,7 +1551,7 @@ bool g_kaitai_attribute_read_value(const GKaitaiAttribute *attrib, const GBinCon * * ******************************************************************************/ -static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) +static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) { bool result; /* Bilan à retourner */ resolved_value_t authorized; /* Validation des traitements */ @@ -1499,7 +1600,10 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s /* Zone de travail restreinte */ g_binary_content_compute_end_pos(content, &tmp); - diff = compute_vmpa_diff(pos, &tmp); + diff = compute_vmpa_diff(&epos->base, &tmp); + + if (epos->consumed_extra_bits > 0 && diff > 0) + diff--; if (attrib->payload & KAP_SIZED) { @@ -1537,8 +1641,10 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s if (!result) goto exit; - init_mrange(&work_range, pos, diff); - work_area = g_restricted_content_new_ro(content, &work_range); + align_evmpa_on_byte(epos); + + init_mrange(&work_range, &epos->base, diff); + work_area = g_restricted_content_new(content, &work_range); has_empty_size = (diff == 0); @@ -1555,13 +1661,18 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s assert(false); else if (attrib->payload & KAP_SIZED_EOS) + { + align_evmpa_on_byte(epos); result = true; + } else if (attrib->payload & KAP_FIXED_CONTENT) { if (diff >= attrib->fixed_content.len) { - copy_vmpa(&tmp, pos); + align_evmpa_on_byte(epos); + + copy_vmpa(&tmp, &epos->base); data = g_binary_content_get_raw_access(work_area, &tmp, attrib->fixed_content.len); assert(data != NULL); @@ -1575,8 +1686,26 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s } + else if (attrib->payload & KAP_BIT_FIELD_TYPE) + { + if (attrib->has_endian) + endian = attrib->endian; + else + endian = g_kaitai_meta_get_endian(locals->meta); + + *record = g_record_bit_field_new(attrib, work_area, epos, attrib->bf_size, endian); + + result = (*record != NULL); + + if (result) + advance_evmpa_bits(epos, attrib->bf_size); + + } + else if (attrib->payload & KAP_BASIC_TYPE) { + align_evmpa_on_byte(epos); + switch (attrib->basic) { case BTP_CHAR: @@ -1584,7 +1713,8 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s if (attrib->is_string) { if ((attrib->payload & KAP_SIZED) == 0) - result = g_kaitai_attribute_parse_terminated_bytes(attrib, locals, work_area, pos, record); + result = g_kaitai_attribute_parse_terminated_bytes(attrib, locals, + work_area, &epos->base, record); } else { @@ -1627,7 +1757,7 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s if (user_type != NULL) { result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(user_type), - locals, work_area, pos, record); + locals, work_area, epos, record); if (result) /** @@ -1647,7 +1777,7 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s } else if (attrib->payload & KAP_DYNAMIC_TYPE) - result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(attrib->switchon), locals, work_area, pos, record); + result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(attrib->switchon), locals, work_area, epos, record); else if (attrib->payload & KAP_SIZED) { @@ -1660,6 +1790,11 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s if (result && *record == NULL) { /** + * A ce stade, la granularité des travaux est l'octet. + */ + assert(epos->consumed_extra_bits == 0); + + /** * On choisit de laisser la création de correspondances nulles. * * Cela permet de disposer de la présence de champs valides, même vides @@ -1668,12 +1803,13 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s /* if (diff > 0) */ { - result = g_kaitai_attribute_compute_maybe_terminated_range(attrib, locals, content, pos, &diff, &range); + result = g_kaitai_attribute_compute_maybe_terminated_range(attrib, locals, content, + &epos->base, &diff, &range); if (result) { if (has_empty_size) - *record = G_MATCH_RECORD(g_record_empty_new(G_KAITAI_PARSER(attrib), content, pos)); + *record = G_MATCH_RECORD(g_record_empty_new(G_KAITAI_PARSER(attrib), content, &epos->base)); else { @@ -1685,7 +1821,7 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s *record = G_MATCH_RECORD(g_record_item_new(attrib, work_area, &range, endian)); if (*record != NULL) - advance_vmpa(pos, diff); + advance_vmpa(&epos->base, diff); else result = false; @@ -1701,13 +1837,16 @@ static bool _g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_s if (attrib->payload & KAP_SIZED) { - cur_diff = compute_vmpa_diff(get_mrange_addr(&work_range), pos); + /* Réalignement éventuel suite aux lectures dans la zone périmétrée... */ + align_evmpa_on_byte(epos); + + cur_diff = compute_vmpa_diff(get_mrange_addr(&work_range), &epos->base); /* Pour GCC... */ max_size = get_mrange_length(&work_range); if (cur_diff < max_size) - advance_vmpa(pos, max_size - cur_diff); + advance_vmpa(&epos->base, max_size - cur_diff); assert(work_area != content); g_object_unref(G_OBJECT(work_area)); @@ -1932,7 +2071,7 @@ static bool g_kaitai_attribute_compute_maybe_terminated_range(const GKaitaiAttri * Paramètres : attrib = structure Kaitai en cours de parcours. * * locals = variables locales pour les résolutions de types. * * content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * +* epos = tête de lecture courante. [OUT] * * record = noeud d'arborescence d'éléments rencontrés. [OUT] * * * * Description : Parcourt un contenu binaire selon des spécifications Kaitai. * @@ -1943,7 +2082,7 @@ static bool g_kaitai_attribute_compute_maybe_terminated_range(const GKaitaiAttri * * ******************************************************************************/ -static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) +static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) { bool result; /* Bilan à retourner */ resolved_value_t authorized; /* Validation des traitements */ @@ -1957,7 +2096,7 @@ static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_sc resolved_value_t loop; /* Poursuite des lectures ? */ if (attrib->repetition == KAR_NO_REPETITION) - result = _g_kaitai_attribute_parse_content(attrib, locals, content, pos, record); + result = _g_kaitai_attribute_parse_content(attrib, locals, content, epos, record); else { @@ -1975,7 +2114,7 @@ static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_sc } - list = g_record_list_new(attrib, content, pos); + list = g_record_list_new(attrib, content, &epos->base); switch (attrib->repetition) { @@ -1984,17 +2123,17 @@ static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_sc result = true; g_binary_content_compute_end_pos(content, &end); - diff = compute_vmpa_diff(pos, &end); + diff = compute_vmpa_diff(&epos->base, &end); while (diff > 0) { - result = _g_kaitai_attribute_parse_content(attrib, locals, content, pos, &child); + result = _g_kaitai_attribute_parse_content(attrib, locals, content, epos, &child); if (!result) break; g_record_list_add_record(list, child); remember_last_record(locals, child); - diff = compute_vmpa_diff(pos, &end); + diff = compute_vmpa_diff(&epos->base, &end); } @@ -2025,7 +2164,7 @@ static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_sc for (i = 0; i < count; i++) { - result = _g_kaitai_attribute_parse_content(attrib, locals, content, pos, &child); + result = _g_kaitai_attribute_parse_content(attrib, locals, content, epos, &child); if (!result) break; g_record_list_add_record(list, child); @@ -2039,7 +2178,7 @@ static bool g_kaitai_attribute_parse_content(GKaitaiAttribute *attrib, kaitai_sc do { - result = _g_kaitai_attribute_parse_content(attrib, locals, content, pos, &child); + result = _g_kaitai_attribute_parse_content(attrib, locals, content, epos, &child); if (!result) break; g_record_list_add_record(list, child); diff --git a/plugins/kaitai/parsers/attribute.h b/plugins/kaitai/parsers/attribute.h index 38b78d7..9b43936 100644 --- a/plugins/kaitai/parsers/attribute.h +++ b/plugins/kaitai/parsers/attribute.h @@ -56,18 +56,19 @@ typedef struct _GKaitaiAttributeClass GKaitaiAttributeClass; /* Type de charge associée à un attribut */ typedef enum _KaitaiAttributePayload { - KAP_UNINITIALIZED = (0 << 0), /* Type non initialisé */ + KAP_UNINITIALIZED = (0 << 0), /* Type non initialisé */ - KAP_FIXED_CONTENT = (1 << 0), /* Contenu brut attendu */ - KAP_BASIC_TYPE = (1 << 1), /* Type prédéfini */ - KAP_USER_TYPE = (1 << 2), /* Type personnalisé */ - KAP_DYNAMIC_TYPE = (1 << 3), /* Type dynmatique */ - KAP_SIZED = (1 << 4), /* Bourrage dimensionné */ - KAP_SIZED_EOS = (1 << 5), /* Bourrage final */ + KAP_FIXED_CONTENT = (1 << 0), /* Contenu brut attendu */ + KAP_BIT_FIELD_TYPE = (1 << 1), /* Champ d'un ou plusieurs bits*/ + KAP_BASIC_TYPE = (1 << 2), /* Type prédéfini */ + KAP_USER_TYPE = (1 << 3), /* Type personnalisé */ + KAP_DYNAMIC_TYPE = (1 << 4), /* Type dynmatique */ + KAP_SIZED = (1 << 5), /* Bourrage dimensionné */ + KAP_SIZED_EOS = (1 << 6), /* Bourrage final */ } KaitaiAttributePayload; -/* Types de base reconnus par Kaitai */ +/* Types de base reconnus par Kaitai */ /* TODO : REMME ? (car non utilisé) */ typedef enum _KaitaiBasicType { KBT_U1, /* Octet non signé */ @@ -149,6 +150,9 @@ bool g_kaitai_attribute_handle_signed_integer(const GKaitaiAttribute *); /* Lit la valeur d'un élément Kaitai entier représenté. */ bool g_kaitai_attribute_read_value(const GKaitaiAttribute *, const GBinContent *, const mrange_t *, SourceEndian, resolved_value_t *); +/* Lit la valeur d'un champ de bits Kaitai représenté. */ +bool g_kaitai_attribute_read_bit_field_value(const GKaitaiAttribute *, const GBinContent *, const ext_vmpa_t *, uint8_t, SourceEndian, resolved_value_t *); + #endif /* _PLUGINS_KAITAI_PARSERS_ATTRIBUTE_H */ diff --git a/plugins/kaitai/parsers/instance.c b/plugins/kaitai/parsers/instance.c index 63db224..d62c1f6 100644 --- a/plugins/kaitai/parsers/instance.c +++ b/plugins/kaitai/parsers/instance.c @@ -34,7 +34,7 @@ #include "instance-int.h" #include "../expression.h" -#include "../records/value.h" +#include "../records/delayed.h" @@ -59,7 +59,7 @@ static void g_kaitai_instance_finalize(GKaitaiInstance *); /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -static bool g_kaitai_instance_parse_content(GKaitaiInstance *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +static bool g_kaitai_instance_parse_content(GKaitaiInstance *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); @@ -349,74 +349,30 @@ const char *g_kaitai_instance_get_name(const GKaitaiInstance *inst) * * * Paramètres : inst = lecteur d'instance Kaitai à consulter. * * locals = variables locales pour les résolutions de types. * -* value = valeur à sauvegarder sous une forme générique. [OUT]* +* content = contenu binaire lié à la correspondance. * * * -* Description : Détermine la valeur d'un élément Kaitai entier calculé. * +* Description : Détermine la valeur effective d'un élément Kaitai dynamique. * * * -* Retour : Bilan de l'opération. * +* Retour : valeur à sauvegarder sous une forme générique. * * * * Remarques : - * * * ******************************************************************************/ -bool g_kaitai_instance_compute_value(const GKaitaiInstance *inst, const kaitai_scope_t *locals, resolved_value_t *value) +GMatchRecord *g_kaitai_instance_compute_real_record(const GKaitaiInstance *inst, const kaitai_scope_t *locals, GBinContent *content) { - bool result; /* Bilan à retourner */ - - if (inst->value == NULL) - result = false; - - else - result = resolve_kaitai_expression_as_any(locals, - inst->value, - strlen(inst->value), - value); - - return result; - -} - - - -/* ---------------------------------------------------------------------------------- */ -/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ -/* ---------------------------------------------------------------------------------- */ - - -/****************************************************************************** -* * -* Paramètres : inst = structure Kaitai en cours de parcours. * -* locals = variables locales pour les résolutions de types. * -* content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * -* record = noeud d'arborescence d'éléments rencontrés. [OUT] * -* * -* Description : Parcourt un contenu binaire selon des spécifications Kaitai. * -* * -* Retour : Bilan de l'opératon : true pour continuer, false sinon. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) -{ - bool result; /* Bilan à retourner */ + GMatchRecord *result; /* Enregistrement à retourner */ GBinContent *work_area; /* Aire de travail */ GKaitaiStream *stream; /* Flux de données pour Kaitai */ - resolved_value_t offset; /* Position à adopter */ + bool status; /* Bilan intermédiaire */ vmpa2t forced_pos; /* Tete de lecture constituée */ + resolved_value_t offset; /* Position à adopter */ GKaitaiParserClass *class; /* Classe parente à solliciter */ + ext_vmpa_t epos; /* Tête de lecture complète */ - if (inst->value != NULL) - { - *record = G_MATCH_RECORD(g_record_value_new(inst, locals)); + result = NULL; - result = (*record != NULL); - - } - - else + if (inst->value == NULL) { /* Contenu particulier */ @@ -425,8 +381,8 @@ static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_ else { - result = resolve_kaitai_expression_as_stream(locals, inst->io, strlen(inst->io), &stream); - if (!result) goto exit; + status = resolve_kaitai_expression_as_stream(locals, inst->io, strlen(inst->io), &stream); + if (!status) goto exit; work_area = g_kaitai_stream_get_content(stream); @@ -438,8 +394,8 @@ static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_ g_binary_content_compute_start_pos(work_area, &forced_pos); - result = resolve_kaitai_expression_as_integer(locals, inst->pos, strlen(inst->pos), &offset); - if (!result) goto exit_with_content; + status = resolve_kaitai_expression_as_integer(locals, inst->pos, strlen(inst->pos), &offset); + if (!status) goto exit_with_content; if (offset.type == GVT_UNSIGNED_INTEGER) advance_vmpa(&forced_pos, offset.unsigned_integer); @@ -450,7 +406,7 @@ static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_ if (offset.signed_integer < 0) { - result = false; + status = false; goto exit_with_content; } @@ -462,7 +418,9 @@ static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_ class = G_KAITAI_PARSER_CLASS(g_kaitai_instance_parent_class); - result = class->parse(G_KAITAI_PARSER(inst), locals, work_area, &forced_pos, record); + init_evmpa_from_vmpa(&epos, &forced_pos); + + class->parse(G_KAITAI_PARSER(inst), locals, work_area, &epos, &result); exit_with_content: @@ -476,3 +434,70 @@ static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_ return result; } + + +/****************************************************************************** +* * +* Paramètres : inst = lecteur d'instance Kaitai à consulter. * +* locals = variables locales pour les résolutions de types. * +* value = valeur à sauvegarder sous une forme générique. [OUT]* +* * +* Description : Détermine la valeur d'un élément Kaitai entier calculé. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_kaitai_instance_compute_value(const GKaitaiInstance *inst, const kaitai_scope_t *locals, resolved_value_t *value) +{ + bool result; /* Bilan à retourner */ + + if (inst->value == NULL) + result = false; + + else + result = resolve_kaitai_expression_as_any(locals, + inst->value, + strlen(inst->value), + value); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : inst = structure Kaitai en cours de parcours. * +* locals = variables locales pour les résolutions de types. * +* content = données binaires à analyser et traduire. * +* epos = tête de lecture courante. [OUT] * +* record = noeud d'arborescence d'éléments rencontrés. [OUT] * +* * +* Description : Parcourt un contenu binaire selon des spécifications Kaitai. * +* * +* Retour : Bilan de l'opératon : true pour continuer, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_instance_parse_content(GKaitaiInstance *inst, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) +{ + bool result; /* Bilan à retourner */ + + *record = G_MATCH_RECORD(g_record_delayed_new(inst, locals, inst->value == NULL ? content : NULL)); + + result = (*record != NULL); + + return result; + +} diff --git a/plugins/kaitai/parsers/instance.h b/plugins/kaitai/parsers/instance.h index a9aee9a..4594137 100644 --- a/plugins/kaitai/parsers/instance.h +++ b/plugins/kaitai/parsers/instance.h @@ -60,6 +60,9 @@ GKaitaiInstance *g_kaitai_instance_new(GYamlNode *); /* Indique le nom attribué à une instance Kaitai. */ const char *g_kaitai_instance_get_name(const GKaitaiInstance *); +/* Détermine la valeur effective d'un élément Kaitai dynamique. */ +GMatchRecord *g_kaitai_instance_compute_real_record(const GKaitaiInstance *, const kaitai_scope_t *, GBinContent *); + /* Détermine la valeur d'un élément Kaitai entier calculé. */ bool g_kaitai_instance_compute_value(const GKaitaiInstance *, const kaitai_scope_t *, resolved_value_t *); diff --git a/plugins/kaitai/parsers/meta-int.h b/plugins/kaitai/parsers/meta-int.h index 7d847ef..5fe9174 100644 --- a/plugins/kaitai/parsers/meta-int.h +++ b/plugins/kaitai/parsers/meta-int.h @@ -39,6 +39,9 @@ struct _GKaitaiMeta SourceEndian endian; /* Boutisme par défaut */ + char **dependencies; /* Définitions à importer */ + size_t dep_count; /* Nombre de ces définitions */ + }; /* Description globale d'une définition Kaitai (classe) */ diff --git a/plugins/kaitai/parsers/meta.c b/plugins/kaitai/parsers/meta.c index dc30c73..132eefd 100644 --- a/plugins/kaitai/parsers/meta.c +++ b/plugins/kaitai/parsers/meta.c @@ -97,6 +97,9 @@ static void g_kaitai_meta_init(GKaitaiMeta *meta) meta->endian = SRE_LITTLE; + meta->dependencies = NULL; + meta->dep_count = 0; + } @@ -133,12 +136,20 @@ static void g_kaitai_meta_dispose(GKaitaiMeta *meta) static void g_kaitai_meta_finalize(GKaitaiMeta *meta) { + size_t i; /* Boucle de parcours */ + if (meta->id != NULL) free(meta->id); if (meta->title != NULL) free(meta->title); + for (i = 0; i < meta->dep_count; i++) + free(meta->dependencies[i]); + + if (meta->dependencies != NULL) + free(meta->dependencies); + G_OBJECT_CLASS(g_kaitai_meta_parent_class)->finalize(G_OBJECT(meta)); } @@ -188,6 +199,9 @@ bool g_kaitai_meta_create(GKaitaiMeta *meta, GYamlNode *parent) bool result; /* Bilan à retourner */ GYamlNode *node; /* Noeud particulier présent */ const char *value; /* Valeur Yaml particulière */ + GYamlNode **nodes; /* Eventuels noeuds trouvés */ + size_t count; /* Quantité de ces noeuds */ + size_t i; /* Boucle de parcours */ result = true; @@ -245,6 +259,45 @@ bool g_kaitai_meta_create(GKaitaiMeta *meta, GYamlNode *parent) } + /* Imports */ + + node = g_yaml_node_find_first_by_path(parent, "/meta/imports/"); + + if (node != NULL) + { + result = G_IS_YAML_COLLEC(node); + + if (result) + { + nodes = g_yaml_collection_get_nodes(G_YAML_COLLEC(node), &count); + + for (i = 0; i < count; i++) + { + if (!G_IS_YAML_PAIR(nodes[i])) + break; + + value = g_yaml_pair_get_key(G_YAML_PAIR(nodes[i])); + + meta->dependencies = realloc(meta->dependencies, ++meta->dep_count * sizeof(char *)); + + meta->dependencies[meta->dep_count - 1] = strdup(value); + + g_object_unref(G_OBJECT(nodes[i])); + + } + + result = (i == count); + + for (; i < count; i++) + g_object_unref(G_OBJECT(nodes[i])); + + if (nodes != NULL) + free(nodes); + + } + + } + return result; } @@ -279,7 +332,7 @@ const char *g_kaitai_meta_get_id(const GKaitaiMeta *meta) * * * Description : Fournit la désignation humaine d'une définiton Kaitai. * * * -* Retour : Intitulé de définition OU NULL. * +* Retour : Intitulé de définition ou NULL. * * * * Remarques : - * * * @@ -317,3 +370,29 @@ SourceEndian g_kaitai_meta_get_endian(const GKaitaiMeta *meta) return result; } + + +/****************************************************************************** +* * +* Paramètres : meta = description globale à consulter. * +* count = quantité de définitions à importer. [OUT] * +* * +* Description : Indique la liste des définitions à importer. * +* * +* Retour : Liste de désignations de définitions ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const char * const *g_kaitai_meta_get_dependencies(const GKaitaiMeta *meta, size_t *count) +{ + const char * const *result; /* Liste à retourner */ + + result = (const char * const *)meta->dependencies; + + *count = meta->dep_count; + + return result; + +} diff --git a/plugins/kaitai/parsers/meta.h b/plugins/kaitai/parsers/meta.h index 3797823..b8b685d 100644 --- a/plugins/kaitai/parsers/meta.h +++ b/plugins/kaitai/parsers/meta.h @@ -63,6 +63,9 @@ const char *g_kaitai_meta_get_title(const GKaitaiMeta *); /* Indique le boustime observé par défaut par une définiton. */ SourceEndian g_kaitai_meta_get_endian(const GKaitaiMeta *); +/* Indique la liste des définitions à importer. */ +const char * const *g_kaitai_meta_get_dependencies(const GKaitaiMeta *, size_t *); + #endif /* _PLUGINS_KAITAI_PARSERS_META_H */ diff --git a/plugins/kaitai/parsers/struct-int.h b/plugins/kaitai/parsers/struct-int.h index f34be32..6eb6e53 100644 --- a/plugins/kaitai/parsers/struct-int.h +++ b/plugins/kaitai/parsers/struct-int.h @@ -37,6 +37,8 @@ struct _GKaitaiStruct { GKaitaiParser parent; /* A laisser en premier */ + char *filename; /* Eventuelle source de données*/ + GKaitaiMeta *meta; /* Description globale */ GKaitaiAttribute **seq_items; /* Sous-attributs présents */ diff --git a/plugins/kaitai/parsers/struct.c b/plugins/kaitai/parsers/struct.c index 128a788..d447cf3 100644 --- a/plugins/kaitai/parsers/struct.c +++ b/plugins/kaitai/parsers/struct.c @@ -33,6 +33,7 @@ #include "struct-int.h" +#include "../import.h" #include "../parser.h" #include "../records/empty.h" #include "../records/group.h" @@ -54,13 +55,16 @@ static void g_kaitai_structure_dispose(GKaitaiStruct *); /* Procède à la libération totale de la mémoire. */ static void g_kaitai_structure_finalize(GKaitaiStruct *); +/* Charge les éventuelles dépendances de la définition. */ +static bool g_kaitai_structure_load_imports(GKaitaiStruct *); + /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -static bool g_kaitai_structure_parse_content(GKaitaiStruct *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +static bool g_kaitai_structure_parse_content(GKaitaiStruct *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); @@ -116,6 +120,8 @@ static void g_kaitai_structure_class_init(GKaitaiStructClass *klass) static void g_kaitai_structure_init(GKaitaiStruct *kstruct) { + kstruct->filename = NULL; + kstruct->meta = NULL; kstruct->seq_items = NULL; @@ -182,6 +188,9 @@ static void g_kaitai_structure_dispose(GKaitaiStruct *kstruct) static void g_kaitai_structure_finalize(GKaitaiStruct *kstruct) { + if (kstruct->filename != NULL) + free(kstruct->filename); + if (kstruct->seq_items != NULL) free(kstruct->seq_items); @@ -305,6 +314,8 @@ bool g_kaitai_structure_create_from_file(GKaitaiStruct *kstruct, const char *fil bool result; /* Bilan à retourner */ GYamlNode *root; /* Noeud racine YAML */ + kstruct->filename = strdup(filename); + root = parse_yaml_from_file(filename); if (root != NULL) @@ -343,6 +354,7 @@ bool g_kaitai_structure_create(GKaitaiStruct *kstruct, GYamlNode *parent) GYamlNode **nodes; /* Eventuels noeuds trouvés */ size_t count; /* Quantité de ces noeuds */ size_t i; /* Boucle de parcours */ + size_t first; /* Premier emplacement dispo. */ bool failed; /* Détection d'un échec */ result = false; @@ -352,6 +364,9 @@ bool g_kaitai_structure_create(GKaitaiStruct *kstruct, GYamlNode *parent) kstruct->meta = g_kaitai_meta_new(parent); assert(kstruct->meta != NULL); + result = g_kaitai_structure_load_imports(kstruct); + if (!result) goto bad_loading; + /* Séquence */ collec = g_yaml_node_find_first_by_path(parent, "/seq/"); @@ -406,13 +421,15 @@ bool g_kaitai_structure_create(GKaitaiStruct *kstruct, GYamlNode *parent) if (count > 0) { - kstruct->types = calloc(count, sizeof(GKaitaiType *)); - kstruct->types_count = count; + first = kstruct->types_count; + + kstruct->types_count += count; + kstruct->types = realloc(kstruct->types, kstruct->types_count * sizeof(GKaitaiType *)); for (i = 0; i < count; i++) { - kstruct->types[i] = g_kaitai_type_new(nodes[i]); - if (kstruct->types[i] == NULL) break; + kstruct->types[first + i] = g_kaitai_type_new(nodes[i]); + if (kstruct->types[first + i] == NULL) break; g_object_unref(G_OBJECT(nodes[i])); @@ -529,6 +546,49 @@ bool g_kaitai_structure_create(GKaitaiStruct *kstruct, GYamlNode *parent) /****************************************************************************** * * +* Paramètres : kstruct = lecteur de définition à initialiser pleinement. * +* * +* Description : Charge les éventuelles dépendances de la définition. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_structure_load_imports(GKaitaiStruct *kstruct) +{ + bool result; /* Bilan d'opération à renvoyer*/ + const char * const *dependencies; /* Liste d'imports requis */ + size_t count; /* Quantité de ces imports */ + size_t i; /* Boucle de parcours */ + GKaitaiType *imported; /* Structure importée */ + + result = true; + + dependencies = g_kaitai_meta_get_dependencies(kstruct->meta, &count); + + for (i = 0; i < count; i++) + { + imported = import_kaitai_definition(dependencies[i], kstruct->filename); + if (imported == NULL) break; + + kstruct->types_count++; + kstruct->types = realloc(kstruct->types, kstruct->types_count * sizeof(GKaitaiType *)); + + kstruct->types[kstruct->types_count - 1] = imported; + + } + + result = (i == count); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : kstruct = structure Kaitai à consulter. * * * * Description : Fournit la description globale d'une définition Kaitai. * @@ -624,6 +684,9 @@ GKaitaiType *g_kaitai_structure_find_sub_type(const GKaitaiStruct *kstruct, cons break; } + result = g_kaitai_structure_find_sub_type(G_KAITAI_STRUCT(kstruct->types[i]), name); + if (result != NULL) break; + } return result; @@ -649,13 +712,15 @@ GMatchRecord *g_kaitai_structure_parse(GKaitaiStruct *kstruct, GBinContent *cont GMatchRecord *result; /* Arborescence à retourner */ vmpa2t pos; /* Tête de lecture */ kaitai_scope_t locals; /* Variables locales */ - bool status; /* Bilan de l'analyse */ + ext_vmpa_t epos; /* Tête de lecture complète */ g_binary_content_compute_start_pos(content, &pos); init_record_scope(&locals, kstruct->meta); - status = g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct), &locals, content, &pos, &result); + init_evmpa_from_vmpa(&epos, &pos); + + g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct), &locals, content, &epos, &result); return result; @@ -673,7 +738,7 @@ GMatchRecord *g_kaitai_structure_parse(GKaitaiStruct *kstruct, GBinContent *cont * Paramètres : kstruct = structure Kaitai en cours de parcours. * * locals = variables locales pour les résolutions de types. * * content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * +* epos = tête de lecture courante. [OUT] * * record = noeud d'arborescence d'éléments rencontrés. [OUT] * * * * Description : Parcourt un contenu binaire selon des spécifications Kaitai. * @@ -684,7 +749,7 @@ GMatchRecord *g_kaitai_structure_parse(GKaitaiStruct *kstruct, GBinContent *cont * * ******************************************************************************/ -static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) +static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) { bool result; /* Bilan à retourner */ GRecordGroup *group; /* Ensemble à constituer */ @@ -697,7 +762,7 @@ static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scop /* Si le groupe est vide */ if ((kstruct->seq_items_count + kstruct->instances_count) == 0) { - *record = G_MATCH_RECORD(g_record_empty_new(G_KAITAI_PARSER(kstruct), content, pos)); + *record = G_MATCH_RECORD(g_record_empty_new(G_KAITAI_PARSER(kstruct), content, &epos->base)); if (locals->root == NULL) locals->root = *record; @@ -716,10 +781,18 @@ static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scop old = locals->parent; locals->parent = *record; - for (i = 0; i < kstruct->seq_items_count; i++) + /** + * Les instances sont à charger avant les éléments fixes car + * des références au premières peuvent être attendues dans ces derniers. + * + * Les évolutions de la tête de lecture n'ont en revanche normalement + * pas d'incidence sur le chargement des éléments fixes. + */ + + for (i = 0; i < kstruct->instances_count; i++) { - result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct->seq_items[i]), - locals, content, pos, &child); + result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct->instances[i]), + locals, content, epos, &child); if (!result) goto exit; if (child != NULL) @@ -730,10 +803,16 @@ static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scop } - for (i = 0; i < kstruct->instances_count; i++) + /** + * Seconde phase. + */ + + locals->parent = *record; + + for (i = 0; i < kstruct->seq_items_count; i++) { - result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct->instances[i]), - locals, content, pos, &child); + result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(kstruct->seq_items[i]), + locals, content, epos, &child); if (!result) goto exit; if (child != NULL) @@ -748,6 +827,9 @@ static bool g_kaitai_structure_parse_content(GKaitaiStruct *kstruct, kaitai_scop locals->parent = old; + if (!result) + g_clear_object(record); + } return result; diff --git a/plugins/kaitai/parsers/switch.c b/plugins/kaitai/parsers/switch.c index c823f27..6cfc96b 100644 --- a/plugins/kaitai/parsers/switch.c +++ b/plugins/kaitai/parsers/switch.c @@ -83,7 +83,7 @@ static void g_kaitai_switch_finalize(GKaitaiSwitch *); /* Parcourt un contenu binaire selon des spécifications Kaitai. */ -static bool g_kaitai_switch_parse_content(GKaitaiSwitch *, kaitai_scope_t *, GBinContent *, vmpa2t *, GMatchRecord **); +static bool g_kaitai_switch_parse_content(GKaitaiSwitch *, kaitai_scope_t *, GBinContent *, ext_vmpa_t *, GMatchRecord **); @@ -285,7 +285,7 @@ static const char *is_suitable_switch_case_for_integer(const switch_case_t *swca { if (value->type == GVT_UNSIGNED_INTEGER) { - unsigned_conv = strtoull(swcase->value, NULL, 10); + unsigned_conv = strtoull(swcase->value, NULL, 0); valid = (errno != ERANGE && errno != EINVAL); @@ -295,7 +295,7 @@ static const char *is_suitable_switch_case_for_integer(const switch_case_t *swca } else { - signed_conv = strtoll(swcase->value, NULL, 10); + signed_conv = strtoll(swcase->value, NULL, 0); valid = (errno != ERANGE && errno != EINVAL); @@ -569,7 +569,7 @@ bool g_kaitai_switch_create(GKaitaiSwitch *kswitch, GYamlNode *parent, GKaitaiAt * Paramètres : kswitch = structure Kaitai en cours de parcours. * * locals = variables locales pour les résolutions de types. * * content = données binaires à analyser et traduire. * -* pos = tête de lecture courante. [OUT] * +* epos = tête de lecture courante. [OUT] * * record = noeud d'arborescence d'éléments rencontrés. [OUT] * * * * Description : Parcourt un contenu binaire selon des spécifications Kaitai. * @@ -580,127 +580,65 @@ bool g_kaitai_switch_create(GKaitaiSwitch *kswitch, GYamlNode *parent, GKaitaiAt * * ******************************************************************************/ -static bool g_kaitai_switch_parse_content(GKaitaiSwitch *kswitch, kaitai_scope_t *locals, GBinContent *content, vmpa2t *pos, GMatchRecord **record) +static bool g_kaitai_switch_parse_content(GKaitaiSwitch *kswitch, kaitai_scope_t *locals, GBinContent *content, ext_vmpa_t *epos, GMatchRecord **record) { bool result; /* Bilan à retourner */ - GMatchRecord *reference; /* Correspondance à utiliser */ - GKaitaiParser *creator; /* Lecteur d'origine */ - KaitaiAttributePayload payload; /* Type de charge supportée */ - BaseType basic; /* Type de base reconnu */ - bool is_string; /* Type lié à une chaîne ? */ -#ifndef NDEBUG - bool status; /* Bilan d'une consultation */ -#endif const char *final_type; /* Type à utiliser au final */ resolved_value_t value; /* Valeur de cible entière */ + bool status; /* Bilan intermédiaire */ size_t i; /* Boucle de parcours */ GKaitaiAttribute *attrib; /* Lecteur approprié */ - result = false; - - /* Détermination de la forme de comparaison */ - - reference = g_match_record_find_by_name(locals->parent, - kswitch->target, strlen(kswitch->target), - DIRECT_SEARCH_DEEP_LEVEL); - - if (reference == NULL) - goto exit; - - creator = g_match_record_get_creator(reference); - - if (creator == NULL) - goto exit_with_ref; - - if (!G_IS_KAITAI_ATTRIBUTE(creator)) - goto exit_with_creator; - - payload = g_kaitai_attribute_get_payload(G_KAITAI_ATTRIBUTE(creator)); - - if ((payload & KAP_BASIC_TYPE) == 0) - goto exit_with_creator; - -#ifndef NDEBUG - status = g_kaitai_attribute_get_basic_type(G_KAITAI_ATTRIBUTE(creator), &basic, &is_string); - assert(status); -#else - g_kaitai_attribute_get_basic_type(G_KAITAI_ATTRIBUTE(creator), &basic, &is_string); -#endif - - /* Détermination du type visé */ + result = true; final_type = NULL; - if (is_string) - { - result = resolve_kaitai_expression_as_bytes(locals, - kswitch->target, - strlen(kswitch->target), - &value); - if (!result) goto exit_with_creator; + /* Tenative n°1 : version "entier" */ + + status = resolve_kaitai_expression_as_integer(locals, kswitch->target, strlen(kswitch->target), &value); + if (status) for (i = 0; i < kswitch->count; i++) { - final_type = is_suitable_switch_case_for_bytes(kswitch->cases[i], &value); + final_type = is_suitable_switch_case_for_integer(kswitch->cases[i], locals, &value); if (final_type != NULL) - break; + goto next_step; } - } - - else - { - if (basic == BTP_UCHAR || basic == BTP_USHORT || basic == BTP_UINT || basic == BTP_ULONG_LONG) - { - result = resolve_kaitai_expression_as_integer(locals, - kswitch->target, - strlen(kswitch->target), - &value); - if (!result) goto exit_with_creator; + status = resolve_kaitai_expression_as_bytes(locals, kswitch->target, strlen(kswitch->target), &value); - for (i = 0; i < kswitch->count; i++) - { - final_type = is_suitable_switch_case_for_integer(kswitch->cases[i], locals, &value); + /* Tenative n°1 : version "chaîne" */ - if (final_type != NULL) - break; + if (status) + for (i = 0; i < kswitch->count; i++) + { + final_type = is_suitable_switch_case_for_bytes(kswitch->cases[i], &value); - } + if (final_type != NULL) + goto next_step; } - else - printf("other type: %u\n", basic); - - } - if (final_type == NULL && kswitch->defcase != NULL) final_type = kswitch->defcase->type; + next_step: + /* Mise en place d'un attribut et analyse */ if (final_type != NULL) { attrib = g_kaitai_attribute_dup_for_user_type(kswitch->generic, final_type); - result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(attrib), locals, content, pos, record); + result = g_kaitai_parser_parse_content(G_KAITAI_PARSER(attrib), locals, content, epos, record); g_object_unref(G_OBJECT(attrib)); } - exit_with_creator: - - g_object_unref(G_OBJECT(creator)); - - exit_with_ref: - - g_object_unref(G_OBJECT(reference)); - - exit: - + return true; return result; } diff --git a/plugins/kaitai/parsers/type-int.h b/plugins/kaitai/parsers/type-int.h index 4a4d939..535ce57 100644 --- a/plugins/kaitai/parsers/type-int.h +++ b/plugins/kaitai/parsers/type-int.h @@ -50,6 +50,9 @@ struct _GKaitaiTypeClass /* Met en place un lecteur de type pour Kaitai. */ bool g_kaitai_type_create(GKaitaiType *, GYamlNode *); +/* Met en place un lecteur de type externe pour Kaitai. */ +bool g_kaitai_type_create_as_import(GKaitaiType *, const char *, const char *); + #endif /* PLUGINS_KAITAI_PARSERS_TYPE_INT_H */ diff --git a/plugins/kaitai/parsers/type.c b/plugins/kaitai/parsers/type.c index 30d0373..81efbeb 100644 --- a/plugins/kaitai/parsers/type.c +++ b/plugins/kaitai/parsers/type.c @@ -215,6 +215,64 @@ bool g_kaitai_type_create(GKaitaiType *type, GYamlNode *parent) /****************************************************************************** * * +* Paramètres : name = nom à attribuer au futur type. * +* filename = chemin vers une définition Kaitai à charger. * +* * +* Description : Construit un lecteur de type externe pour Kaitai. * +* * +* Retour : Instance mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GKaitaiType *g_kaitai_type_new_as_import(const char *name, const char *filename) +{ + GKaitaiType *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_KAITAI_TYPE, NULL); + + if (!g_kaitai_type_create_as_import(result, name, filename)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : type = lecteur de type Kaitai à initialiser pleinement. * +* name = nom à attribuer au futur type. * +* filename = chemin vers une définition Kaitai à charger. * +* * +* Description : Met en place un lecteur de type externe pour Kaitai. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_kaitai_type_create_as_import(GKaitaiType *type, const char *name, const char *filename) +{ + bool result; /* Bilan à retourner */ + + /* Extraction du nom */ + + type->name = strdup(name); + + /* Extraction des bases du type */ + + result = g_kaitai_structure_create_from_file(G_KAITAI_STRUCT(type), filename); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : type = définition de type particulier à consulter. * * * * Description : Indique le nom de scène du type représenté. * diff --git a/plugins/kaitai/parsers/type.h b/plugins/kaitai/parsers/type.h index 0656c64..d19ab90 100644 --- a/plugins/kaitai/parsers/type.h +++ b/plugins/kaitai/parsers/type.h @@ -54,6 +54,9 @@ GType g_kaitai_type_get_type(void); /* Construit un lecteur de type pour Kaitai. */ GKaitaiType *g_kaitai_type_new(GYamlNode *); +/* Construit un lecteur de type externe pour Kaitai. */ +GKaitaiType *g_kaitai_type_new_as_import(const char *, const char *); + /* Indique le nom de scène du type représenté. */ const char *g_kaitai_type_get_name(const GKaitaiType *); diff --git a/plugins/kaitai/python/Makefile.am b/plugins/kaitai/python/Makefile.am index ab40744..f222a66 100644 --- a/plugins/kaitai/python/Makefile.am +++ b/plugins/kaitai/python/Makefile.am @@ -11,7 +11,8 @@ libkaitaipython_la_SOURCES = \ libkaitaipython_la_LIBADD = \ parsers/libkaitaipythonparsers.la \ - records/libkaitaipythonrecords.la + records/libkaitaipythonrecords.la \ + rost/libkaitaipythonrost.la libkaitaipython_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT @@ -22,4 +23,4 @@ devdir = $(includedir)/chrysalide-$(subdir) dev_HEADERS = $(libkaitaipython_la_SOURCES:%c=) -SUBDIRS = parsers records +SUBDIRS = parsers records rost diff --git a/plugins/kaitai/python/module.c b/plugins/kaitai/python/module.c index fa1f9c2..07fb962 100644 --- a/plugins/kaitai/python/module.c +++ b/plugins/kaitai/python/module.c @@ -39,6 +39,7 @@ #include "stream.h" #include "parsers/module.h" #include "records/module.h" +#include "rost/module.h" @@ -89,6 +90,7 @@ bool add_kaitai_module_to_python_module(void) if (result) result = add_kaitai_parsers_module(); if (result) result = add_kaitai_records_module(); + if (result) result = add_kaitai_rost_module(); if (!result) Py_XDECREF(module); @@ -124,6 +126,7 @@ bool populate_kaitai_module(void) if (result) result = populate_kaitai_parsers_module(); if (result) result = populate_kaitai_records_module(); + if (result) result = populate_kaitai_rost_module(); assert(result); diff --git a/plugins/kaitai/python/parsers/attribute.c b/plugins/kaitai/python/parsers/attribute.c index c8ea314..c2f3db6 100644 --- a/plugins/kaitai/python/parsers/attribute.c +++ b/plugins/kaitai/python/parsers/attribute.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * attribute.h - équivalent Python du fichier "plugins/kaitai/parsers/attribute.h" + * attribute.c - équivalent Python du fichier "plugins/kaitai/parsers/attribute.c" * * Copyright (C) 2019 Cyrille Bagard * @@ -149,9 +149,14 @@ static PyObject *py_kaitai_attribute_get_raw_id(PyObject *self, void *closure) attrib = G_KAITAI_ATTRIBUTE(pygobject_get(self)); value = g_kaitai_attribute_get_raw_id(attrib); - assert(value != NULL); - result = PyUnicode_FromString(value); + if (value == NULL) + { + result = Py_None; + Py_INCREF(result); + } + else + result = PyUnicode_FromString(value); return result; diff --git a/plugins/kaitai/python/parsers/meta.c b/plugins/kaitai/python/parsers/meta.c index 3432640..0bd7bf9 100644 --- a/plugins/kaitai/python/parsers/meta.c +++ b/plugins/kaitai/python/parsers/meta.c @@ -50,6 +50,9 @@ static PyObject *py_kaitai_meta_get_id(PyObject *, void *); /* Fournit la désignation humaine d'une définiton Kaitai. */ static PyObject *py_kaitai_meta_get_title(PyObject *, void *); +/* Indique la liste des définitions à importer. */ +static PyObject *py_kaitai_meta_get_dependencies(PyObject *, void *); + /****************************************************************************** @@ -162,7 +165,7 @@ static PyObject *py_kaitai_meta_get_id(PyObject *self, void *closure) * * * Description : Fournit la désignation humaine d'une définiton Kaitai. * * * -* Retour : Intitulé de définition OU None. * +* Retour : Intitulé de définition ou None. * * * * Remarques : - * * * @@ -206,7 +209,7 @@ static PyObject *py_kaitai_meta_get_title(PyObject *self, void *closure) * * * Description : Fournit la désignation humaine d'une définiton Kaitai. * * * -* Retour : Intitulé de définition OU None. * +* Retour : Intitulé de définition ou None. * * * * Remarques : - * * * @@ -238,6 +241,50 @@ static PyObject *py_kaitai_meta_get_endian(PyObject *self, void *closure) /****************************************************************************** * * +* Paramètres : self = objet Python concerné par l'appel. * +* closure = non utilisé ici. * +* * +* Description : Indique la liste des définitions à importer. * +* * +* Retour : Liste de désignations de définitions, vide ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_kaitai_meta_get_dependencies(PyObject *self, void *closure) +{ + PyObject *result; /* Valeur à retourner */ + GKaitaiMeta *meta; /* Version native de l'objet */ + const char * const *dependencies; /* Liste d'imports requis */ + size_t count; /* Quantité de ces imports */ + size_t i; /* Boucle de parcours */ + +#define KAITAI_META_DEPENDENCIES_ATTRIB PYTHON_GET_DEF_FULL \ +( \ + dependencies, py_kaitai_meta, \ + "Tuple of all definitions to import for the current" \ + " definition.\n" \ + "\n" \ + "The result may be an empty string list." \ +) + + meta = G_KAITAI_META(pygobject_get(self)); + + dependencies = g_kaitai_meta_get_dependencies(meta, &count); + + result = PyTuple_New(count); + + for (i = 0; i < count; i++) + PyTuple_SetItem(result, i, PyUnicode_FromString(dependencies[i])); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : - * * * * Description : Fournit un accès à une définition de type à diffuser. * @@ -258,6 +305,7 @@ PyTypeObject *get_python_kaitai_meta_type(void) KAITAI_META_ID_ATTRIB, KAITAI_META_TITLE_ATTRIB, KAITAI_META_ENDIAN_ATTRIB, + KAITAI_META_DEPENDENCIES_ATTRIB, { NULL } }; diff --git a/plugins/kaitai/python/records/Makefile.am b/plugins/kaitai/python/records/Makefile.am index 1413228..3a3c672 100644 --- a/plugins/kaitai/python/records/Makefile.am +++ b/plugins/kaitai/python/records/Makefile.am @@ -2,12 +2,13 @@ noinst_LTLIBRARIES = libkaitaipythonrecords.la libkaitaipythonrecords_la_SOURCES = \ + bits.h bits.c \ + delayed.h delayed.c \ empty.h empty.c \ group.h group.c \ item.h item.c \ list.h list.c \ - module.h module.c \ - value.h value.c + module.h module.c libkaitaipythonrecords_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT diff --git a/plugins/kaitai/python/records/bits.c b/plugins/kaitai/python/records/bits.c new file mode 100644 index 0000000..f94148b --- /dev/null +++ b/plugins/kaitai/python/records/bits.c @@ -0,0 +1,318 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * bits.h - équivalent Python du fichier "plugins/kaitai/parsers/bits.h" + * + * Copyright (C) 2019 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "bits.h" + + +#include <assert.h> +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> +#include <plugins/pychrysalide/analysis/content.h> +#include <plugins/pychrysalide/arch/vmpa.h> + + +#include "../record.h" +#include "../parsers/attribute.h" +#include "../../records/bits-int.h" + + + +CREATE_DYN_CONSTRUCTOR(record_bit_field, G_TYPE_RECORD_BIT_FIELD); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_record_bit_field_init(PyObject *, PyObject *, PyObject *); + +/* Lit la valeur d'un élément Kaitai entier représenté. */ +static PyObject *py_record_bit_field_get_value(PyObject *, void *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_record_bit_field_init(PyObject *self, PyObject *args, PyObject *kwds) +{ +#if 0 + GKaitaiAttribute *attrib; /* Attribut défini créateur */ + GBinContent *content; /* Contenu binaire analysé */ + mrange_t range; /* Espace couvert */ + SourceEndian endian; /* Boutisme à observer */ + int ret; /* Bilan de lecture des args. */ + GRecordBitField *field; /* Création GLib à transmettre */ +#endif + +#define RECORD_BIT_FIELD_DOC \ + "The RecordItem class remembers a match between a described attribute and" \ + " its concret value read from parsed binary data." \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " RecordItem(content, range, endian, attrib)" \ + "\n" \ + "Where the *attrib* arguments refers to a" \ + " pychrysalide.plugins.kaitai.parsers.KaitaiAttribute instance as the" \ + " creator of the newly created object, *content* points to a" \ + " pychrysalide.analysis.BinContent instance, *range* is a" \ + " pychrysalide.arch.mrange object, *endian* states with a" \ + " pychrysalide.analysis.BinContent.SourceEndian hint the endianness used" \ + " to read integer values." + + /* Récupération des paramètres */ + +#if 0 /* FIXME */ + + ret = PyArg_ParseTuple(args, "O&O&O&", + convert_to_kaitai_attribute, &attrib, + convert_to_binary_content, &content, + convert_any_to_mrange, &range, + convert_to_binary_content, &endian); + if (!ret) return -1; + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + /* Eléments de base */ + + field = G_RECORD_BIT_FIELD(pygobject_get(self)); + + if (!g_record_bit_field_create(field, attrib, content, &range, endian)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create record bit field.")); + return -1; + } + + return 0; + +#endif + + PyErr_SetString(PyExc_ValueError, _("Unable to create record bit field at the moment.")); + return -1; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* closure = non utilisé ici. * +* * +* Description : Lit la valeur d'un élément Kaitai entier représenté. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_record_bit_field_get_value(PyObject *self, void *closure) +{ + PyObject *result; /* Valeur à retourner */ + GRecordBitField *field; /* Version native de l'élément */ + resolved_value_t resolved; /* Valeur sous forme générique */ + bool status; /* Bilan d'opération */ + +#define RECORD_BIT_FIELD_VALUE_ATTRIB PYTHON_GET_DEF_FULL \ +( \ + value, py_record_bit_field, \ + "Carried value (as integer), or None in case of error." \ +) + + result = NULL; + + field = G_RECORD_BIT_FIELD(pygobject_get(self)); + + status = g_record_bit_field_get_value(field, &resolved); + + if (status) + switch (resolved.type) + { + case GVT_UNSIGNED_INTEGER: + result = PyLong_FromUnsignedLongLong(resolved.unsigned_integer); + break; + + default: + assert(false); + result = Py_None; + Py_INCREF(result); + break; + + } + + else + { + result = Py_None; + Py_INCREF(result); + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_record_bit_field_type(void) +{ + static PyMethodDef py_record_bit_field_methods[] = { + { NULL } + }; + + static PyGetSetDef py_record_bit_field_getseters[] = { + RECORD_BIT_FIELD_VALUE_ATTRIB, + { NULL } + }; + + static PyTypeObject py_record_bit_field_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.plugins.kaitai.records.RecordBitField", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = RECORD_BIT_FIELD_DOC, + + .tp_methods = py_record_bit_field_methods, + .tp_getset = py_record_bit_field_getseters, + + .tp_init = py_record_bit_field_init, + .tp_new = py_record_bit_field_new, + + }; + + return &py_record_bit_field_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide.....RecordBitField. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_record_bit_field_is_registered(void) +{ + PyTypeObject *type; /* Type Python 'RecordItem' */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_record_bit_field_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.plugins.kaitai.records"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_match_record_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_RECORD_BIT_FIELD, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en correspondance attribut/binaire. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_record_bit_field(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_record_bit_field_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to record bit field"); + break; + + case 1: + *((GRecordBitField **)dst) = G_RECORD_BIT_FIELD(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/kaitai/python/records/bits.h b/plugins/kaitai/python/records/bits.h new file mode 100644 index 0000000..6c833bb --- /dev/null +++ b/plugins/kaitai/python/records/bits.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * bits.h - prototypes pour l'équivalent Python du fichier "plugins/kaitai/records/bits.h" + * + * Copyright (C) 2019 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_KAITAI_PYTHON_RECORDS_BITS_H +#define _PLUGINS_KAITAI_PYTHON_RECORDS_BITS_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_record_bit_field_type(void); + +/* Prend en charge l'objet 'pychrysalide.plugins.kaitai.records.RecordBitField'. */ +bool ensure_python_record_bit_field_is_registered(void); + +/* Tente de convertir en correspondance attribut/binaire. */ +int convert_to_record_bit_field(PyObject *, void *); + + + +#endif /* _PLUGINS_KAITAI_PYTHON_RECORDS_BITS_H */ diff --git a/plugins/kaitai/python/records/value.c b/plugins/kaitai/python/records/delayed.c index bd4ad74..32e3db1 100644 --- a/plugins/kaitai/python/records/value.c +++ b/plugins/kaitai/python/records/delayed.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * value.c - équivalent Python du fichier "plugins/kaitai/parsers/value.c" + * delayed.c - équivalent Python du fichier "plugins/kaitai/parsers/delayed.c" * * Copyright (C) 2019 Cyrille Bagard * @@ -22,7 +22,7 @@ */ -#include "value.h" +#include "delayed.h" #include <assert.h> @@ -40,17 +40,17 @@ #include "../record.h" #include "../scope.h" #include "../parsers/instance.h" -#include "../../records/value-int.h" +#include "../../records/delayed-int.h" -CREATE_DYN_CONSTRUCTOR(record_value, G_TYPE_RECORD_VALUE); +CREATE_DYN_CONSTRUCTOR(record_delayed, G_TYPE_RECORD_DELAYED); /* Initialise une instance sur la base du dérivé de GObject. */ -static int py_record_value_init(PyObject *, PyObject *, PyObject *); +static int py_record_delayed_init(PyObject *, PyObject *, PyObject *); /* Lit la valeur d'un élément Kaitai entier représenté. */ -static PyObject *py_record_value_get_value(PyObject *, void *); +static PyObject *py_record_delayed_get_value(PyObject *, void *); @@ -68,31 +68,37 @@ static PyObject *py_record_value_get_value(PyObject *, void *); * * ******************************************************************************/ -static int py_record_value_init(PyObject *self, PyObject *args, PyObject *kwds) +static int py_record_delayed_init(PyObject *self, PyObject *args, PyObject *kwds) { GKaitaiInstance *inst; /* Instance définie créatrice */ kaitai_scope_t *locals; /* Environnement local */ + GBinContent *content; /* Contenu binaire analysé */ int ret; /* Bilan de lecture des args. */ - GRecordValue *value; /* Création GLib à transmettre */ + GRecordDelayed *delayed; /* Création GLib à transmettre */ -#define RECORD_VALUE_DOC \ - "The RecordValue class stores a link to an instance used to compute a" \ +#define RECORD_DELAYED_DOC \ + "The RecordDelayed class stores a link to an instance used to compute a" \ " given value." \ "\n" \ "Instances can be created using the following constructor:\n" \ "\n" \ - " RecordValue(inst, locals)" \ + " RecordDelayed(inst, locals, content)" \ "\n" \ "Where the *inst* arguments refers to a" \ " pychrysalide.plugins.kaitai.parsers.KaitaiInstance instance as the" \ " creator of the newly created object, *locals* points to a" \ - " pychrysalide.plugins.kaitai.KaitaiScope structure used as current scope." + " pychrysalide.plugins.kaitai.KaitaiScope structure used as current scope." \ + " The *content* argument is a pychrysalide.analysis.BinContent instance if" \ + " the delayed instance does not define a direct value." /* Récupération des paramètres */ - ret = PyArg_ParseTuple(args, "O&O&", + content = NULL; + + ret = PyArg_ParseTuple(args, "O&O&|O&", convert_to_kaitai_instance, &inst, - convert_to_kaitai_scope, &locals); + convert_to_kaitai_scope, &locals, + convert_to_binary_content_or_none, &content); if (!ret) return -1; /* Initialisation d'un objet GLib */ @@ -102,11 +108,11 @@ static int py_record_value_init(PyObject *self, PyObject *args, PyObject *kwds) /* Eléments de base */ - value = G_RECORD_VALUE(pygobject_get(self)); + delayed = G_RECORD_DELAYED(pygobject_get(self)); - if (!g_record_value_create(value, inst, locals)) + if (!g_record_delayed_create(delayed, inst, locals, content)) { - PyErr_SetString(PyExc_ValueError, _("Unable to create record value.")); + PyErr_SetString(PyExc_ValueError, _("Unable to create record delayed.")); return -1; } @@ -128,24 +134,24 @@ static int py_record_value_init(PyObject *self, PyObject *args, PyObject *kwds) * * ******************************************************************************/ -static PyObject *py_record_value_get_value(PyObject *self, void *closure) +static PyObject *py_record_delayed_get_value(PyObject *self, void *closure) { PyObject *result; /* Valeur à retourner */ - GRecordValue *value; /* Version native de l'élément */ + GRecordDelayed *delayed; /* Version native de l'élément */ resolved_value_t resolved; /* Valeur sous forme générique */ bool status; /* Bilan d'opération */ -#define RECORD_VALUE_VALUE_ATTRIB PYTHON_GET_DEF_FULL \ +#define RECORD_DELAYED_VALUE_ATTRIB PYTHON_GET_DEF_FULL \ ( \ - value, py_record_value, \ + value, py_record_delayed, \ "Carried value (as integer, bytes), or None in case of error." \ ) result = NULL; - value = G_RECORD_VALUE(pygobject_get(self)); + delayed = G_RECORD_DELAYED(pygobject_get(self)); - status = g_record_value_compute_and_aggregate_value(value, &resolved); + status = g_record_delayed_compute_and_aggregate_value(delayed, &resolved); if (status) switch (resolved.type) @@ -216,37 +222,37 @@ static PyObject *py_record_value_get_value(PyObject *self, void *closure) * * ******************************************************************************/ -PyTypeObject *get_python_record_value_type(void) +PyTypeObject *get_python_record_delayed_type(void) { - static PyMethodDef py_record_value_methods[] = { + static PyMethodDef py_record_delayed_methods[] = { { NULL } }; - static PyGetSetDef py_record_value_getseters[] = { - RECORD_VALUE_VALUE_ATTRIB, + static PyGetSetDef py_record_delayed_getseters[] = { + RECORD_DELAYED_VALUE_ATTRIB, { NULL } }; - static PyTypeObject py_record_value_type = { + static PyTypeObject py_record_delayed_type = { PyVarObject_HEAD_INIT(NULL, 0) - .tp_name = "pychrysalide.plugins.kaitai.records.RecordValue", + .tp_name = "pychrysalide.plugins.kaitai.records.RecordDelayed", .tp_basicsize = sizeof(PyGObject), .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, - .tp_doc = RECORD_VALUE_DOC, + .tp_doc = RECORD_DELAYED_DOC, - .tp_methods = py_record_value_methods, - .tp_getset = py_record_value_getseters, + .tp_methods = py_record_delayed_methods, + .tp_getset = py_record_delayed_getseters, - .tp_init = py_record_value_init, - .tp_new = py_record_value_new, + .tp_init = py_record_delayed_init, + .tp_new = py_record_delayed_new, }; - return &py_record_value_type; + return &py_record_delayed_type; } @@ -255,7 +261,7 @@ PyTypeObject *get_python_record_value_type(void) * * * Paramètres : - * * * -* Description : Prend en charge l'objet 'pychrysalide...records.RecordValue. * +* Description : Prend en charge l'objet 'pychrysalide..records.RecordDelayed.* * * * Retour : Bilan de l'opération. * * * @@ -263,13 +269,13 @@ PyTypeObject *get_python_record_value_type(void) * * ******************************************************************************/ -bool ensure_python_record_value_is_registered(void) +bool ensure_python_record_delayed_is_registered(void) { - PyTypeObject *type; /* Type Python 'RecordValue' */ + PyTypeObject *type; /* Type Python 'RecordDelayed' */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ - type = get_python_record_value_type(); + type = get_python_record_delayed_type(); if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) { @@ -280,7 +286,7 @@ bool ensure_python_record_value_is_registered(void) if (!ensure_python_match_record_is_registered()) return false; - if (!register_class_for_pygobject(dict, G_TYPE_RECORD_VALUE, type)) + if (!register_class_for_pygobject(dict, G_TYPE_RECORD_DELAYED, type)) return false; } @@ -303,11 +309,11 @@ bool ensure_python_record_value_is_registered(void) * * ******************************************************************************/ -int convert_to_record_value(PyObject *arg, void *dst) +int convert_to_record_delayed(PyObject *arg, void *dst) { int result; /* Bilan à retourner */ - result = PyObject_IsInstance(arg, (PyObject *)get_python_record_value_type()); + result = PyObject_IsInstance(arg, (PyObject *)get_python_record_delayed_type()); switch (result) { @@ -317,11 +323,11 @@ int convert_to_record_value(PyObject *arg, void *dst) break; case 0: - PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to record value"); + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to record delayed"); break; case 1: - *((GRecordValue **)dst) = G_RECORD_VALUE(pygobject_get(arg)); + *((GRecordDelayed **)dst) = G_RECORD_DELAYED(pygobject_get(arg)); break; default: diff --git a/plugins/kaitai/python/records/value.h b/plugins/kaitai/python/records/delayed.h index 16cadcb..ba2d23a 100644 --- a/plugins/kaitai/python/records/value.h +++ b/plugins/kaitai/python/records/delayed.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * value.h - prototypes pour l'équivalent Python du fichier "plugins/kaitai/records/value.h" + * delayed.h - prototypes pour l'équivalent Python du fichier "plugins/kaitai/records/delayed.h" * * Copyright (C) 2019 Cyrille Bagard * @@ -22,8 +22,8 @@ */ -#ifndef _PLUGINS_KAITAI_PYTHON_RECORDS_VALUE_H -#define _PLUGINS_KAITAI_PYTHON_RECORDS_VALUE_H +#ifndef _PLUGINS_KAITAI_PYTHON_RECORDS_DELAYED_H +#define _PLUGINS_KAITAI_PYTHON_RECORDS_DELAYED_H #include <Python.h> @@ -32,14 +32,14 @@ /* Fournit un accès à une définition de type à diffuser. */ -PyTypeObject *get_python_record_value_type(void); +PyTypeObject *get_python_record_delayed_type(void); -/* Prend en charge l'objet 'pychrysalide.plugins.kaitai.records.RecordValue'. */ -bool ensure_python_record_value_is_registered(void); +/* Prend en charge l'objet 'pychrysalide.plugins.kaitai.records.RecordDelayed'. */ +bool ensure_python_record_delayed_is_registered(void); /* Tente de convertir en valeur calculée. */ -int convert_to_record_value(PyObject *, void *); +int convert_to_record_delayed(PyObject *, void *); -#endif /* _PLUGINS_KAITAI_PYTHON_RECORDS_VALUE_H */ +#endif /* _PLUGINS_KAITAI_PYTHON_RECORDS_DELAYED_H */ diff --git a/plugins/kaitai/python/records/module.c b/plugins/kaitai/python/records/module.c index ea33c31..af97434 100644 --- a/plugins/kaitai/python/records/module.c +++ b/plugins/kaitai/python/records/module.c @@ -32,11 +32,12 @@ #include <plugins/pychrysalide/helpers.h> +#include "bits.h" +#include "delayed.h" #include "empty.h" #include "group.h" #include "item.h" #include "list.h" -#include "value.h" @@ -109,11 +110,12 @@ bool populate_kaitai_records_module(void) result = true; + if (result) result = ensure_python_record_bit_field_is_registered(); + if (result) result = ensure_python_record_delayed_is_registered(); if (result) result = ensure_python_record_empty_is_registered(); if (result) result = ensure_python_record_group_is_registered(); if (result) result = ensure_python_record_item_is_registered(); if (result) result = ensure_python_record_list_is_registered(); - if (result) result = ensure_python_record_value_is_registered(); assert(result); diff --git a/plugins/kaitai/python/rost/Makefile.am b/plugins/kaitai/python/rost/Makefile.am new file mode 100644 index 0000000..cae0419 --- /dev/null +++ b/plugins/kaitai/python/rost/Makefile.am @@ -0,0 +1,14 @@ + +noinst_LTLIBRARIES = libkaitaipythonrost.la + +libkaitaipythonrost_la_SOURCES = \ + module.h module.c \ + trigger.h trigger.c + +libkaitaipythonrost_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libkaitaipythonrost_la_SOURCES:%c=) diff --git a/plugins/kaitai/python/rost/module.c b/plugins/kaitai/python/rost/module.c new file mode 100644 index 0000000..66a5a82 --- /dev/null +++ b/plugins/kaitai/python/rost/module.c @@ -0,0 +1,115 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire rost en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <Python.h> + + +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> + + +#include "trigger.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Ajoute le module 'plugins.kaitai.rost' au module Python. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_kaitai_rost_module(void) +{ + bool result; /* Bilan à retourner */ + PyObject *super; /* Module à compléter */ + PyObject *module; /* Sous-module mis en place */ + +#define PYCHRYSALIDE_PLUGINS_KAITAI_ROST_DOC \ + "This module creates some glue to extend the ROST features" \ + " using Kaitai definitions for analyzing and filtering" \ + " contents." + + static PyModuleDef py_chrysalide_kaitai_rost_module = { + + .m_base = PyModuleDef_HEAD_INIT, + + .m_name = "pychrysalide.plugins.kaitai.rost", + .m_doc = PYCHRYSALIDE_PLUGINS_KAITAI_ROST_DOC, + + .m_size = -1, + + }; + + result = false; + + super = get_access_to_python_module("pychrysalide.plugins.kaitai"); + + module = build_python_module(super, &py_chrysalide_kaitai_rost_module); + + result = (module != NULL); + + assert(result); + + if (!result) + Py_XDECREF(module); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre les objets du module 'plugins.kaitai.rost'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool populate_kaitai_rost_module(void) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (result) result = ensure_python_kaitai_trigger_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/kaitai/python/rost/module.h b/plugins/kaitai/python/rost/module.h new file mode 100644 index 0000000..8415c2e --- /dev/null +++ b/plugins/kaitai/python/rost/module.h @@ -0,0 +1,41 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire rost en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_KAITAI_PYTHON_ROST_MODULE_H +#define _PLUGINS_KAITAI_PYTHON_ROST_MODULE_H + + +#include <stdbool.h> + + + +/* Ajoute le module 'plugins.kaitai.rost' au module Python. */ +bool add_kaitai_rost_module(void); + +/* Intègre les objets du module 'plugins.kaitai.rost'. */ +bool populate_kaitai_rost_module(void); + + + +#endif /* _PLUGINS_KAITAI_PYTHON_ROST_MODULE_H */ diff --git a/plugins/kaitai/python/rost/trigger.c b/plugins/kaitai/python/rost/trigger.c new file mode 100644 index 0000000..180ef6e --- /dev/null +++ b/plugins/kaitai/python/rost/trigger.c @@ -0,0 +1,236 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * trigger.c - équivalent Python du fichier "plugins/kaitai/rost/trigger.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "trigger.h" + + +#include <assert.h> +#include <pygobject.h> + + +#include <i18n.h> +#include <plugins/pychrysalide/access.h> +#include <plugins/pychrysalide/helpers.h> +#include <plugins/pychrysalide/analysis/scan/item.h> + + +#include "../parsers/struct.h" +#include "../../parsers/struct.h" +#include "../../rost/trigger-int.h" + + + +CREATE_DYN_CONSTRUCTOR(kaitai_trigger, G_TYPE_KAITAI_TRIGGER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_kaitai_trigger_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_kaitai_trigger_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + GKaitaiStruct *kstruct; /* Définition Kaitai en place */ + int ret; /* Bilan de lecture des args. */ + GKaitaiTrigger *trigger; /* Création GLib à transmettre */ + +#define KAITAI_TRIGGER_DOC \ + "The KaitaiTrigger object store an access to a loaded Kaitai definition" \ + " creates as many as required instances from it when ROST filters contents" \ + " with the help of the Kaitai module.\n" \ + "\n" \ + "Instances can be created using following constructor:\n" \ + "\n" \ + " KaitaiTrigger(kstruct)" \ + "\n" \ + "Where *kstruct* is a pychrysalide.plugins.kaitai.parsers.KaitaiStruct" \ + " instance loaded with a valid Kaitai definition." + + /* Récupération des paramètres */ + + ret = PyArg_ParseTuple(args, "O&", convert_to_kaitai_structure, &kstruct); + if (!ret) return -1; + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + /* Eléments de base */ + + trigger = G_KAITAI_TRIGGER(pygobject_get(self)); + + if (!g_kaitai_trigger_create(trigger, kstruct)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create Kaitai stream.")); + return -1; + + } + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_kaitai_trigger_type(void) +{ + static PyMethodDef py_kaitai_trigger_methods[] = { + { NULL } + }; + + static PyGetSetDef py_kaitai_trigger_getseters[] = { + { NULL } + }; + + static PyTypeObject py_kaitai_trigger_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.plugins.kaitai.rost.KaitaiTrigger", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = KAITAI_TRIGGER_DOC, + + .tp_methods = py_kaitai_trigger_methods, + .tp_getset = py_kaitai_trigger_getseters, + + .tp_init = py_kaitai_trigger_init, + .tp_new = py_kaitai_trigger_new, + + }; + + return &py_kaitai_trigger_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....rost.KaitaiTrigger. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_kaitai_trigger_is_registered(void) +{ + PyTypeObject *type; /* Type Python 'RecordEmpty' */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_kaitai_trigger_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.plugins.kaitai.rost"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_scan_registered_item_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_KAITAI_TRIGGER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en accès à une définition Kaitai. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_kaitai_trigger(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_kaitai_trigger_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to Kaitai trigger"); + break; + + case 1: + *((GKaitaiTrigger **)dst) = G_KAITAI_TRIGGER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/kaitai/python/rost/trigger.h b/plugins/kaitai/python/rost/trigger.h new file mode 100644 index 0000000..44776f7 --- /dev/null +++ b/plugins/kaitai/python/rost/trigger.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * trigger.h - prototypes pour l'équivalent Python du fichier "plugins/kaitai/rost/trigger.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_KAITAI_PYTHON_ROST_TRIGGER_H +#define _PLUGINS_KAITAI_PYTHON_ROST_TRIGGER_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_kaitai_trigger_type(void); + +/* Prend en charge l'objet 'pychrysalide.plugins.kaitai.rost.KaitaiTrigger'. */ +bool ensure_python_kaitai_trigger_is_registered(void); + +/* Tente de convertir en accès à une définition Kaitai. */ +int convert_to_kaitai_trigger(PyObject *, void *); + + + +#endif /* _PLUGINS_KAITAI_PYTHON_ROST_TRIGGER_H */ diff --git a/plugins/kaitai/record.c b/plugins/kaitai/record.c index 5717b17..de1e80d 100644 --- a/plugins/kaitai/record.c +++ b/plugins/kaitai/record.c @@ -115,6 +115,10 @@ static void g_match_record_init(GMatchRecord *record) static void g_match_record_dispose(GMatchRecord *record) { + g_clear_object(&record->creator); + + g_clear_object(&record->content); + G_OBJECT_CLASS(g_match_record_parent_class)->dispose(G_OBJECT(record)); } @@ -331,12 +335,16 @@ static GMatchRecord *_g_match_record_find_by_name(GMatchRecord *record, const ch { label = g_kaitai_attribute_get_label(G_KAITAI_ATTRIBUTE(record->creator)); - label_len = strlen(label); - - if (label_len == len && strncmp(label, name, len) == 0) + if (label != NULL) { - result = record; - g_object_ref(G_OBJECT(result)); + label_len = strlen(label); + + if (label_len == len && strncmp(label, name, len) == 0) + { + result = record; + g_object_ref(G_OBJECT(result)); + } + } } diff --git a/plugins/kaitai/records/Makefile.am b/plugins/kaitai/records/Makefile.am index c11e823..3884bfb 100644 --- a/plugins/kaitai/records/Makefile.am +++ b/plugins/kaitai/records/Makefile.am @@ -2,6 +2,10 @@ noinst_LTLIBRARIES = libkaitairecords.la libkaitairecords_la_SOURCES = \ + bits-int.h \ + bits.h bits.c \ + delayed-int.h \ + delayed.h delayed.c \ empty-int.h \ empty.h empty.c \ group-int.h \ @@ -9,9 +13,7 @@ libkaitairecords_la_SOURCES = \ item-int.h \ item.h item.c \ list-int.h \ - list.h list.c \ - value-int.h \ - value.h value.c + list.h list.c libkaitairecords_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src diff --git a/plugins/kaitai/records/bits-int.h b/plugins/kaitai/records/bits-int.h new file mode 100644 index 0000000..7b03911 --- /dev/null +++ b/plugins/kaitai/records/bits-int.h @@ -0,0 +1,59 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * bits-int.h - prototypes internes pour la conservation d'un champ de bits entre attribut et binaire + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_RECORDS_BITS_INT_H +#define _PLUGINS_KAITAI_RECORDS_BITS_INT_H + + +#include "bits.h" + + +#include "../record-int.h" + + + +/* Correspondance de bits établie entre un attribut et du binaire (instance) */ +struct _GRecordBitField +{ + GMatchRecord parent; /* A laisser en premier */ + + ext_vmpa_t epos; /* Point de départ */ + uint8_t size; /* Quantité de bits concernés */ + SourceEndian endian; /* Boutisme des données imposé */ + +}; + +/* Correspondance de bits établie entre un attribut et du binaire (classe) */ +struct _GRecordBitFieldClass +{ + GMatchRecordClass parent; /* A laisser en premier */ + +}; + + +/* Met en place une correspondance entre attribut et binaire. */ +bool g_record_bit_field_create(GRecordBitField *, GKaitaiAttribute *, GBinContent *, const ext_vmpa_t *, uint8_t, SourceEndian); + + + +#endif /* _PLUGINS_KAITAI_RECORDS_BITS_INT_H */ diff --git a/plugins/kaitai/records/bits.c b/plugins/kaitai/records/bits.c new file mode 100644 index 0000000..d224112 --- /dev/null +++ b/plugins/kaitai/records/bits.c @@ -0,0 +1,283 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * bits.c - conservation d'un champ de bits entre attribut et binaire + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "bits.h" + + +#include <assert.h> +#include <string.h> + + +#include "bits-int.h" + + + +/* -------------------- DEFINITION D'UNE CORRESPONDANCE UNITAIRE -------------------- */ + + +/* Initialise la classe des correspondances attribut/binaire. */ +static void g_record_bit_field_class_init(GRecordBitFieldClass *); + +/* Initialise une correspondance entre attribut et binaire. */ +static void g_record_bit_field_init(GRecordBitField *); + +/* Supprime toutes les références externes. */ +static void g_record_bit_field_dispose(GRecordBitField *); + +/* Procède à la libération totale de la mémoire. */ +static void g_record_bit_field_finalize(GRecordBitField *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Calcule ou fournit la zone couverte par une correspondance. */ +static void g_record_bit_field_get_range(const GRecordBitField *, mrange_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* DEFINITION D'UNE CORRESPONDANCE UNITAIRE */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une correspondance entre un attribut et du binaire. */ +G_DEFINE_TYPE(GRecordBitField, g_record_bit_field, G_TYPE_MATCH_RECORD); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des correspondances attribut/binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_record_bit_field_class_init(GRecordBitFieldClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GMatchRecordClass *record; /* Version parente de la classe*/ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_record_bit_field_dispose; + object->finalize = (GObjectFinalizeFunc)g_record_bit_field_finalize; + + record = G_MATCH_RECORD_CLASS(klass); + + record->get_range = (get_record_range_fc)g_record_bit_field_get_range; + +} + + +/****************************************************************************** +* * +* Paramètres : field = instance à initialiser. * +* * +* Description : Initialise une correspondance entre attribut et binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_record_bit_field_init(GRecordBitField *field) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : field = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_record_bit_field_dispose(GRecordBitField *field) +{ + G_OBJECT_CLASS(g_record_bit_field_parent_class)->dispose(G_OBJECT(field)); + +} + + +/****************************************************************************** +* * +* Paramètres : field = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_record_bit_field_finalize(GRecordBitField *field) +{ + G_OBJECT_CLASS(g_record_bit_field_parent_class)->finalize(G_OBJECT(field)); + +} + + +/****************************************************************************** +* * +* Paramètres : attrib = analyseur à l'origine de la correspondance. * +* content = contenu binaire lié à la correspondance. * +* epos = tête de lecture avec granularité en bits. * +* size = quantité de bits à prendre en compte. * +* endian = boustime des données à respecter. * +* * +* Description : Crée une nouvelle correspondance entre attribut et binaire. * +* * +* Retour : Instance mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GMatchRecord *g_record_bit_field_new(GKaitaiAttribute *attrib, GBinContent *content, const ext_vmpa_t *epos, uint8_t size, SourceEndian endian) +{ + GMatchRecord *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_RECORD_BIT_FIELD, NULL); + + if (!g_record_bit_field_create(G_RECORD_BIT_FIELD(result), attrib, content, epos, size, endian)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : field = correspondance à initialiser pleinement. * +* attrib = analyseur à l'origine de la correspondance. * +* content = contenu binaire lié à la correspondance. * +* epos = tête de lecture avec granularité en bits. * +* size = quantité de bits à prendre en compte. * +* endian = boustime des données à respecter. * +* * +* Description : Met en place une correspondance entre attribut et binaire. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_record_bit_field_create(GRecordBitField *field, GKaitaiAttribute *attrib, GBinContent *content, const ext_vmpa_t *epos, uint8_t size, SourceEndian endian) +{ + bool result; /* Bilan à retourner */ + + result = g_match_record_create(G_MATCH_RECORD(field), G_KAITAI_PARSER(attrib), content); + + if (result) + { + copy_evmpa(&field->epos, epos); + field->size = size; + field->endian = endian; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : field = correspondance à consulter. * +* out = valeur à sauvegarder sous une forme générique. [OUT] * +* * +* Description : Lit la valeur d'un élément Kaitai entier représenté. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_record_bit_field_get_value(const GRecordBitField *field, resolved_value_t *out) +{ + bool result; /* Bilan à retourner */ + GKaitaiParser *parser; /* Attribut associé à l'élément*/ + + parser = g_match_record_get_creator(G_MATCH_RECORD(field)); + assert(G_IS_KAITAI_ATTRIBUTE(parser)); + + result = g_kaitai_attribute_read_bit_field_value(G_KAITAI_ATTRIBUTE(parser), + G_MATCH_RECORD(field)->content, + &field->epos, field->size, + field->endian, out); + + g_object_unref(G_OBJECT(parser)); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : record = correspondance à consulter. * +* range = zone de couverture déterminée. [OUT] * +* * +* Description : Calcule ou fournit la zone couverte par une correspondance. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_record_bit_field_get_range(const GRecordBitField *record, mrange_t *range) +{ + phys_t len; /* Taille en octets */ + + len = record->size / 8; + + if (record->size % 8 > 0) + len ++; + + init_mrange(range, &record->epos.base, len); + +} diff --git a/plugins/kaitai/records/bits.h b/plugins/kaitai/records/bits.h new file mode 100644 index 0000000..923e8e3 --- /dev/null +++ b/plugins/kaitai/records/bits.h @@ -0,0 +1,62 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * bits.h - prototypes pour la conservation d'un champ de bits entre attribut et binaire + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_RECORDS_BITS_H +#define _PLUGINS_KAITAI_RECORDS_BITS_H + + +#include <glib-object.h> + + +#include "../record.h" +#include "../parsers/attribute.h" + + + +#define G_TYPE_RECORD_BIT_FIELD g_record_bit_field_get_type() +#define G_RECORD_BIT_FIELD(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_RECORD_BIT_FIELD, GRecordBitField)) +#define G_IS_RECORD_BIT_FIELD(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_RECORD_BIT_FIELD)) +#define G_RECORD_BIT_FIELD_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_RECORD_BIT_FIELD, GRecordBitFieldClass)) +#define G_IS_RECORD_BIT_FIELD_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_RECORD_BIT_FIELD)) +#define G_RECORD_BIT_FIELD_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_RECORD_BIT_FIELD, GRecordBitFieldClass)) + + +/* Correspondance de bits établie entre un attribut et du binaire (instance) */ +typedef struct _GRecordBitField GRecordBitField; + +/* Correspondance de bits établie entre un attribut et du binaire (classe) */ +typedef struct _GRecordBitFieldClass GRecordBitFieldClass; + + +/* Indique le type défini pour une correspondance entre un attribut et du binaire. */ +GType g_record_bit_field_get_type(void); + +/* Crée une nouvelle correspondance entre attribut et binaire. */ +GMatchRecord *g_record_bit_field_new(GKaitaiAttribute *, GBinContent *, const ext_vmpa_t *, uint8_t, SourceEndian); + +/* Lit la valeur d'un élément Kaitai entier représenté. */ +bool g_record_bit_field_get_value(const GRecordBitField *, resolved_value_t *); + + + +#endif /* _PLUGINS_KAITAI_RECORDS_BITS_H */ diff --git a/plugins/kaitai/records/value-int.h b/plugins/kaitai/records/delayed-int.h index 6a84a7f..9275500 100644 --- a/plugins/kaitai/records/value-int.h +++ b/plugins/kaitai/records/delayed-int.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * value-int.h - prototypes internes pour la conservation d'une instance virtuelle + * delayed-int.h - prototypes internes pour la conservation d'une instance virtuelle * * Copyright (C) 2019 Cyrille Bagard * @@ -21,11 +21,11 @@ */ -#ifndef _PLUGINS_KAITAI_RECORDS_VALUE_INT_H -#define _PLUGINS_KAITAI_RECORDS_VALUE_INT_H +#ifndef _PLUGINS_KAITAI_RECORDS_DELAYED_INT_H +#define _PLUGINS_KAITAI_RECORDS_DELAYED_INT_H -#include "value.h" +#include "delayed.h" #include "../record-int.h" @@ -33,16 +33,19 @@ /* Valeur calculée selon des correspondances parallèles (instance) */ -struct _GRecordValue +struct _GRecordDelayed { GMatchRecord parent; /* A laisser en premier */ kaitai_scope_t locals; /* Sauvegarde de contexte */ + bool has_value; /* Port d'une valeur directe ? */ + GMatchRecord *real_record; /* Enregistrement effectif */ + }; /* Valeur calculée selon des correspondances parallèles (classe) */ -struct _GRecordValueClass +struct _GRecordDelayedClass { GMatchRecordClass parent; /* A laisser en premier */ @@ -50,8 +53,8 @@ struct _GRecordValueClass /* Met en place une valeur calculée selon des correspondances. */ -bool g_record_value_create(GRecordValue *, GKaitaiInstance *, const kaitai_scope_t *); +bool g_record_delayed_create(GRecordDelayed *, GKaitaiInstance *, const kaitai_scope_t *, GBinContent *); -#endif /* _PLUGINS_KAITAI_RECORDS_VALUE_INT_H */ +#endif /* _PLUGINS_KAITAI_RECORDS_DELAYED_INT_H */ diff --git a/plugins/kaitai/records/value.c b/plugins/kaitai/records/delayed.c index cafe5c3..8c1395c 100644 --- a/plugins/kaitai/records/value.c +++ b/plugins/kaitai/records/delayed.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * value.c - conservation d'une correspondance entre attribut et binaire + * delayed.c - conservation d'une correspondance entre attribut et binaire * * Copyright (C) 2019 Cyrille Bagard * @@ -21,7 +21,7 @@ */ -#include "value.h" +#include "delayed.h" #include <assert.h> @@ -29,7 +29,8 @@ #include <string.h> -#include "value-int.h" +#include "delayed-int.h" +#include "item.h" #include "../parsers/attribute.h" @@ -38,16 +39,16 @@ /* Initialise la classe des valeurs purement calculées. */ -static void g_record_value_class_init(GRecordValueClass *); +static void g_record_delayed_class_init(GRecordDelayedClass *); /* Initialise une correspondance entre attribut et binaire. */ -static void g_record_value_init(GRecordValue *); +static void g_record_delayed_init(GRecordDelayed *); /* Supprime toutes les références externes. */ -static void g_record_value_dispose(GRecordValue *); +static void g_record_delayed_dispose(GRecordDelayed *); /* Procède à la libération totale de la mémoire. */ -static void g_record_value_finalize(GRecordValue *); +static void g_record_delayed_finalize(GRecordDelayed *); @@ -55,7 +56,7 @@ static void g_record_value_finalize(GRecordValue *); /* Calcule ou fournit la zone couverte par une correspondance. */ -static void g_record_value_get_range(const GRecordValue *, mrange_t *); +static void g_record_delayed_get_range(const GRecordDelayed *, mrange_t *); @@ -65,7 +66,7 @@ static void g_record_value_get_range(const GRecordValue *, mrange_t *); /* Indique le type défini pour une valeur calculée selon des correspondances établies. */ -G_DEFINE_TYPE(GRecordValue, g_record_value, G_TYPE_MATCH_RECORD); +G_DEFINE_TYPE(GRecordDelayed, g_record_delayed, G_TYPE_MATCH_RECORD); /****************************************************************************** @@ -80,26 +81,26 @@ G_DEFINE_TYPE(GRecordValue, g_record_value, G_TYPE_MATCH_RECORD); * * ******************************************************************************/ -static void g_record_value_class_init(GRecordValueClass *klass) +static void g_record_delayed_class_init(GRecordDelayedClass *klass) { GObjectClass *object; /* Autre version de la classe */ GMatchRecordClass *record; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_record_value_dispose; - object->finalize = (GObjectFinalizeFunc)g_record_value_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_record_delayed_dispose; + object->finalize = (GObjectFinalizeFunc)g_record_delayed_finalize; record = G_MATCH_RECORD_CLASS(klass); - record->get_range = (get_record_range_fc)g_record_value_get_range; + record->get_range = (get_record_range_fc)g_record_delayed_get_range; } /****************************************************************************** * * -* Paramètres : value = instance à initialiser. * +* Paramètres : delayed = instance à initialiser. * * * * Description : Initialise une correspondance entre attribut et binaire. * * * @@ -109,16 +110,18 @@ static void g_record_value_class_init(GRecordValueClass *klass) * * ******************************************************************************/ -static void g_record_value_init(GRecordValue *value) +static void g_record_delayed_init(GRecordDelayed *delayed) { - init_record_scope(&value->locals, NULL); + init_record_scope(&delayed->locals, NULL); + + delayed->real_record = NULL; } /****************************************************************************** * * -* Paramètres : value = instance d'objet GLib à traiter. * +* Paramètres : delayed = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * * * @@ -128,18 +131,18 @@ static void g_record_value_init(GRecordValue *value) * * ******************************************************************************/ -static void g_record_value_dispose(GRecordValue *value) +static void g_record_delayed_dispose(GRecordDelayed *delayed) { - reset_record_scope(&value->locals); + reset_record_scope(&delayed->locals); - G_OBJECT_CLASS(g_record_value_parent_class)->dispose(G_OBJECT(value)); + G_OBJECT_CLASS(g_record_delayed_parent_class)->dispose(G_OBJECT(delayed)); } /****************************************************************************** * * -* Paramètres : value = instance d'objet GLib à traiter. * +* Paramètres : delayed = instance d'objet GLib à traiter. * * * * Description : Procède à la libération totale de la mémoire. * * * @@ -149,17 +152,18 @@ static void g_record_value_dispose(GRecordValue *value) * * ******************************************************************************/ -static void g_record_value_finalize(GRecordValue *value) +static void g_record_delayed_finalize(GRecordDelayed *delayed) { - G_OBJECT_CLASS(g_record_value_parent_class)->finalize(G_OBJECT(value)); + G_OBJECT_CLASS(g_record_delayed_parent_class)->finalize(G_OBJECT(delayed)); } /****************************************************************************** * * -* Paramètres : inst = analyseur à l'origine de la correspondance. * -* locals = correspondances courantes pour résolutions. * +* Paramètres : inst = analyseur à l'origine de la correspondance. * +* locals = correspondances courantes pour résolutions. * +* content = contenu binaire lié à la correspondance. * * * * Description : Crée une nouvelle valeur calculée à partir d'une instance. * * * @@ -169,13 +173,13 @@ static void g_record_value_finalize(GRecordValue *value) * * ******************************************************************************/ -GRecordValue *g_record_value_new(GKaitaiInstance *inst, const kaitai_scope_t *locals) +GRecordDelayed *g_record_delayed_new(GKaitaiInstance *inst, const kaitai_scope_t *locals, GBinContent *content) { - GRecordValue *result; /* Structure à retourner */ + GRecordDelayed *result; /* Structure à retourner */ - result = g_object_new(G_TYPE_RECORD_VALUE, NULL); + result = g_object_new(G_TYPE_RECORD_DELAYED, NULL); - if (!g_record_value_create(result, inst, locals)) + if (!g_record_delayed_create(result, inst, locals, content)) g_clear_object(&result); return result; @@ -185,9 +189,10 @@ GRecordValue *g_record_value_new(GKaitaiInstance *inst, const kaitai_scope_t *lo /****************************************************************************** * * -* Paramètres : value = correspondance à initialiser pleinement. * -* inst = analyseur à l'origine de la correspondance. * -* locals = correspondances courantes pour résolutions. * +* Paramètres : delayed = correspondance à initialiser pleinement. * +* inst = analyseur à l'origine de la correspondance. * +* locals = correspondances courantes pour résolutions. * +* content = contenu binaire lié à la correspondance. * * * * Description : Met en place une valeur calculée à partir d'une instance. * * * @@ -197,14 +202,14 @@ GRecordValue *g_record_value_new(GKaitaiInstance *inst, const kaitai_scope_t *lo * * ******************************************************************************/ -bool g_record_value_create(GRecordValue *value, GKaitaiInstance *inst, const kaitai_scope_t *locals) +bool g_record_delayed_create(GRecordDelayed *delayed, GKaitaiInstance *inst, const kaitai_scope_t *locals, GBinContent *content) { bool result; /* Bilan à retourner */ - result = g_match_record_create(G_MATCH_RECORD(value), G_KAITAI_PARSER(inst), NULL); + result = g_match_record_create(G_MATCH_RECORD(delayed), G_KAITAI_PARSER(inst), content); if (result) - copy_record_scope(&value->locals, locals); + copy_record_scope(&delayed->locals, locals); return result; @@ -213,8 +218,8 @@ bool g_record_value_create(GRecordValue *value, GKaitaiInstance *inst, const kai /****************************************************************************** * * -* Paramètres : value = correspondance à consulter. * -* value = valeur à sauvegarder sous une forme générique. [OUT] * +* Paramètres : delayed = correspondance à consulter. * +* out = valeur à sauvegarder sous forme générique. [OUT] * * * * Description : Détermine la valeur d'un élément Kaitai calculé. * * * @@ -224,17 +229,36 @@ bool g_record_value_create(GRecordValue *value, GKaitaiInstance *inst, const kai * * ******************************************************************************/ -bool g_record_value_compute_value(const GRecordValue *value, resolved_value_t *out) +bool g_record_delayed_compute_value(GRecordDelayed *delayed, resolved_value_t *out) { bool result; /* Bilan à retourner */ GKaitaiParser *parser; /* Instance liée à l'élément */ - parser = g_match_record_get_creator(G_MATCH_RECORD(value)); + parser = g_match_record_get_creator(G_MATCH_RECORD(delayed)); assert(G_IS_KAITAI_ATTRIBUTE(parser)); - result = g_kaitai_instance_compute_value(G_KAITAI_INSTANCE(parser), - &value->locals, - out); + if (G_MATCH_RECORD(delayed)->content == NULL) + result = g_kaitai_instance_compute_value(G_KAITAI_INSTANCE(parser), + &delayed->locals, + out); + + else + { + if (delayed->real_record == NULL) + delayed->real_record = g_kaitai_instance_compute_real_record(G_KAITAI_INSTANCE(parser), + &delayed->locals, + G_MATCH_RECORD(delayed)->content); + + if (delayed->real_record == NULL) + result = false; + + else + { + assert(G_IS_RECORD_ITEM(delayed->real_record)); + result = g_record_item_get_value(G_RECORD_ITEM(delayed->real_record), out); + } + + } g_object_unref(G_OBJECT(parser)); @@ -245,8 +269,8 @@ bool g_record_value_compute_value(const GRecordValue *value, resolved_value_t *o /****************************************************************************** * * -* Paramètres : value = correspondance à consulter. * -* value = valeur à sauvegarder sous une forme générique. [OUT] * +* Paramètres : delayed = correspondance à consulter. * +* out = valeur à sauvegarder sous forme générique. [OUT] * * * * Description : Détermine et ajuste la valeur d'un élément Kaitai calculé. * * * @@ -256,20 +280,12 @@ bool g_record_value_compute_value(const GRecordValue *value, resolved_value_t *o * * ******************************************************************************/ -bool g_record_value_compute_and_aggregate_value(const GRecordValue *value, resolved_value_t *out) +bool g_record_delayed_compute_and_aggregate_value(GRecordDelayed *delayed, resolved_value_t *out) { bool result; /* Bilan à retourner */ - GKaitaiParser *parser; /* Instance liée à l'élément */ sized_string_t converted; /* Conversion finale ? */ - parser = g_match_record_get_creator(G_MATCH_RECORD(value)); - assert(G_IS_KAITAI_ATTRIBUTE(parser)); - - result = g_kaitai_instance_compute_value(G_KAITAI_INSTANCE(parser), - &value->locals, - out); - - g_object_unref(G_OBJECT(parser)); + result = g_record_delayed_compute_value(delayed, out); if (result) { @@ -318,7 +334,7 @@ bool g_record_value_compute_and_aggregate_value(const GRecordValue *value, resol /****************************************************************************** * * -* Paramètres : value = correspondance à consulter. * +* Paramètres : delayed = correspondance à consulter. * * range = zone de couverture déterminée. [OUT] * * * * Description : Calcule ou fournit la zone couverte par une correspondance. * @@ -329,7 +345,7 @@ bool g_record_value_compute_and_aggregate_value(const GRecordValue *value, resol * * ******************************************************************************/ -static void g_record_value_get_range(const GRecordValue *value, mrange_t *range) +static void g_record_delayed_get_range(const GRecordDelayed *delayed, mrange_t *range) { copy_mrange(range, UNUSED_MRANGE_PTR); diff --git a/plugins/kaitai/records/value.h b/plugins/kaitai/records/delayed.h index 8ee9cdd..e88bb6c 100644 --- a/plugins/kaitai/records/value.h +++ b/plugins/kaitai/records/delayed.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * value.h - prototypes pour la conservation d'une correspondance entre attribut et binaire + * delayed.h - prototypes pour la conservation d'une correspondance entre attribut et binaire * * Copyright (C) 2019 Cyrille Bagard * @@ -21,8 +21,8 @@ */ -#ifndef _PLUGINS_KAITAI_RECORDS_VALUE_H -#define _PLUGINS_KAITAI_RECORDS_VALUE_H +#ifndef _PLUGINS_KAITAI_RECORDS_DELAYED_H +#define _PLUGINS_KAITAI_RECORDS_DELAYED_H #include <glib-object.h> @@ -33,33 +33,33 @@ -#define G_TYPE_RECORD_VALUE g_record_value_get_type() -#define G_RECORD_VALUE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_RECORD_VALUE, GRecordValue)) -#define G_IS_RECORD_VALUE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_RECORD_VALUE)) -#define G_RECORD_VALUE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_RECORD_VALUE, GRecordValueClass)) -#define G_IS_RECORD_VALUE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_RECORD_VALUE)) -#define G_RECORD_VALUE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_RECORD_VALUE, GRecordValueClass)) +#define G_TYPE_RECORD_DELAYED g_record_delayed_get_type() +#define G_RECORD_DELAYED(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_RECORD_DELAYED, GRecordDelayed)) +#define G_IS_RECORD_DELAYED(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_RECORD_DELAYED)) +#define G_RECORD_DELAYED_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_RECORD_DELAYED, GRecordDelayedClass)) +#define G_IS_RECORD_DELAYED_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_RECORD_DELAYED)) +#define G_RECORD_DELAYED_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_RECORD_DELAYED, GRecordDelayedClass)) /* Valeur calculée selon des correspondances parallèles (instance) */ -typedef struct _GRecordValue GRecordValue; +typedef struct _GRecordDelayed GRecordDelayed; /* Valeur calculée selon des correspondances parallèles (classe) */ -typedef struct _GRecordValueClass GRecordValueClass; +typedef struct _GRecordDelayedClass GRecordDelayedClass; /* Indique le type défini pour une valeur calculée selon des correspondances établies. */ -GType g_record_value_get_type(void); +GType g_record_delayed_get_type(void); /* Crée une nouvelle valeur calculée à partir d'une instance. */ -GRecordValue *g_record_value_new(GKaitaiInstance *, const kaitai_scope_t *); +GRecordDelayed *g_record_delayed_new(GKaitaiInstance *, const kaitai_scope_t *, GBinContent *); /* Détermine la valeur d'un élément Kaitai entier calculé. */ -bool g_record_value_compute_value(const GRecordValue *, resolved_value_t *); +bool g_record_delayed_compute_value(GRecordDelayed *, resolved_value_t *); /* Détermine et ajuste la valeur d'un élément Kaitai calculé. */ -bool g_record_value_compute_and_aggregate_value(const GRecordValue *, resolved_value_t *); +bool g_record_delayed_compute_and_aggregate_value(GRecordDelayed *, resolved_value_t *); -#endif /* _PLUGINS_KAITAI_RECORDS_VALUE_H */ +#endif /* _PLUGINS_KAITAI_RECORDS_DELAYED_H */ diff --git a/plugins/kaitai/rost/Makefile.am b/plugins/kaitai/rost/Makefile.am new file mode 100644 index 0000000..c7ea84a --- /dev/null +++ b/plugins/kaitai/rost/Makefile.am @@ -0,0 +1,18 @@ + +noinst_LTLIBRARIES = libkaitairost.la + +libkaitairost_la_SOURCES = \ + browser-int.h \ + browser.h browser.c \ + core.h core.c \ + space-int.h \ + space.h space.c \ + trigger-int.h \ + trigger.h trigger.c + +libkaitairost_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + + +devdir = $(includedir)/chrysalide-$(subdir) + +dev_HEADERS = $(libkaitairost_la_SOURCES:%c=) diff --git a/plugins/kaitai/rost/browser-int.h b/plugins/kaitai/rost/browser-int.h new file mode 100644 index 0000000..4b49680 --- /dev/null +++ b/plugins/kaitai/rost/browser-int.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * browser-int.h - prototypes internes pour le parcours des résultats d'analyse Kaitai pour ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef PLUGINS_KAITAI_ROST_BROWSER_INT_H +#define PLUGINS_KAITAI_ROST_BROWSER_INT_H + + +#include <analysis/scan/item-int.h> + + +#include "browser.h" + + + +/* Parcours des résultats d'une analyse Kaitai pour ROST (instance) */ +struct _GKaitaiBrowser +{ + GScanRegisteredItem parent; /* A laisser en premier */ + + char *path; /* Chamin vers l'enregistrement*/ + GMatchRecord *record; /* Correspondance à parcourir */ + +}; + +/* Parcours des résultats d'une analyse Kaitai pour ROST (classe) */ +struct _GKaitaiBrowserClass +{ + GScanRegisteredItemClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un nouveau parcours de correspondances Kaitai. */ +bool g_kaitai_browser_create(GKaitaiBrowser *, const char *, GMatchRecord *); + + + +#endif /* PLUGINS_KAITAI_ROST_BROWSER_INT_H */ diff --git a/plugins/kaitai/rost/browser.c b/plugins/kaitai/rost/browser.c new file mode 100644 index 0000000..159915b --- /dev/null +++ b/plugins/kaitai/rost/browser.c @@ -0,0 +1,478 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * browser.c - accès à des définitions Kaitai depuis ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "browser.h" + + +#include <assert.h> +#include <string.h> + + +#include <analysis/scan/exprs/literal.h> + + +#include "browser-int.h" +#include "../records/bits.h" +#include "../records/delayed.h" +#include "../records/item.h" +#include "../records/list.h" + + + +/* ---------------------- PARCOURS DE CORRESPONDANCES ETABLIES ---------------------- */ + + +/* Initialise la classe des parcours de correspondances Kaitai. */ +static void g_kaitai_browser_class_init(GKaitaiBrowserClass *); + +/* Initialise un parcours de correspondances Kaitai. */ +static void g_kaitai_browser_init(GKaitaiBrowser *); + +/* Supprime toutes les références externes. */ +static void g_kaitai_browser_dispose(GKaitaiBrowser *); + +/* Procède à la libération totale de la mémoire. */ +static void g_kaitai_browser_finalize(GKaitaiBrowser *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Indique le nom associé à une expression d'évaluation. */ +static char *g_kaitai_browser_get_name(const GKaitaiBrowser *); + +/* Lance une résolution d'élément à solliciter. */ +static bool g_kaitai_browser_resolve(GKaitaiBrowser *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); + +/* Réduit une expression à une forme plus simple. */ +static bool g_kaitai_browser_reduce(GKaitaiBrowser *, GScanContext *, GScanScope *, GScanExpression **); + +/* Effectue une extraction d'élément à partir d'une série. */ +static GObject *g_kaitai_browser_extract_at(GKaitaiBrowser *, const GScanExpression *, GScanContext *, GScanScope *); + + + +/* ---------------------------------------------------------------------------------- */ +/* PARCOURS DE CORRESPONDANCES ETABLIES */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour un parcours de correspondances Kaitai pour ROST. */ +G_DEFINE_TYPE(GKaitaiBrowser, g_kaitai_browser, G_TYPE_SCAN_REGISTERED_ITEM); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des parcours de correspondances Kaitai. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_browser_class_init(GKaitaiBrowserClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_kaitai_browser_dispose; + object->finalize = (GObjectFinalizeFunc)g_kaitai_browser_finalize; + + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); + + registered->get_name = (get_registered_item_name_fc)g_kaitai_browser_get_name; + registered->resolve = (resolve_registered_item_fc)g_kaitai_browser_resolve; + registered->reduce = (reduce_registered_item_fc)g_kaitai_browser_reduce; + registered->extract = (extract_registered_item_at)g_kaitai_browser_extract_at; + +} + + +/****************************************************************************** +* * +* Paramètres : browser = instance à initialiser. * +* * +* Description : Initialise un parcours de correspondances Kaitai. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_browser_init(GKaitaiBrowser *browser) +{ + browser->path = NULL; + browser->record = NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : browser = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_browser_dispose(GKaitaiBrowser *browser) +{ + g_clear_object(&browser->record); + + G_OBJECT_CLASS(g_kaitai_browser_parent_class)->dispose(G_OBJECT(browser)); + +} + + +/****************************************************************************** +* * +* Paramètres : browser = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_browser_finalize(GKaitaiBrowser *browser) +{ + if (browser->path != NULL) + free(browser->path); + + G_OBJECT_CLASS(g_kaitai_browser_parent_class)->finalize(G_OBJECT(browser)); + +} + + +/****************************************************************************** +* * +* Paramètres : path = chemin vers l'enregistrement fourni. * +* record = correspondance racine à considérer. * +* * +* Description : Crée un nouveau parcours de correspondances Kaitai. * +* * +* Retour : Instance mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GKaitaiBrowser *g_kaitai_browser_new(const char *path, GMatchRecord *record) +{ + GKaitaiBrowser *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_KAITAI_BROWSER, NULL); + + if (!g_kaitai_browser_create(result, path, record)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : browser = encadrement d'un parcours de correspondances. * +* path = chemin vers l'enregistrement fourni. * +* record = correspondance racine à considérer. * +* * +* Description : Met en place un nouveau parcours de correspondances Kaitai. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_kaitai_browser_create(GKaitaiBrowser *browser, const char *path, GMatchRecord *record) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (path != NULL) + browser->path = strdup(path); + + browser->record = record; + g_object_ref(G_OBJECT(browser->record)); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_kaitai_browser_get_name(const GKaitaiBrowser *item) +{ + char *result; /* Désignation à retourner */ + int ret; /* Statut de construction */ + + if (item->path == NULL) + result = strdup("kaitai://"); + + else + { + ret = asprintf(&result, "kaitai://%s", item->path); + assert(ret > 0); + + if (ret <= 0) + result = strdup("kaitai://???"); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* target = désignation de l'objet d'appel à identifier. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT]* +* * +* Description : Lance une résolution d'élément à solliciter. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_browser_resolve(GKaitaiBrowser *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) +{ + bool result; /* Bilan à retourner */ + GMatchRecord *found; /* Correspondance trouvée */ + char *path; + int ret; /* Statut de construction */ + + found = g_match_record_find_by_name(item->record, target, strlen(target), 1); + result = (found != NULL); + + if (result) + { + ret = asprintf(&path, "%s.%s", item->path, target); + assert(ret > 0); + + if (ret <= 0) + path = strdup("!?"); + + *out = G_SCAN_REGISTERED_ITEM(g_kaitai_browser_new(path, found)); + + free(path); + g_object_unref(G_OBJECT(found)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la réduction opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_browser_reduce(GKaitaiBrowser *item, GScanContext *ctx, GScanScope *scope, GScanExpression **out) +{ + bool result; /* Bilan à retourner */ + size_t count; /* Décompte total à considérer */ + resolved_value_t value; /* Valeur brute à transformer */ + + if (G_IS_RECORD_LIST(item->record)) + { + count = g_record_list_count_records(G_RECORD_LIST(item->record)); + + *out = g_scan_literal_expression_new(LVT_BOOLEAN, (bool []){ count > 0 }); + + result = true; + + } + + else + { + if (G_IS_RECORD_BIT_FIELD(item->record)) + result = g_record_bit_field_get_value(G_RECORD_BIT_FIELD(item->record), &value); + + else if (G_IS_RECORD_DELAYED(item->record)) + result = g_record_delayed_compute_and_aggregate_value(G_RECORD_DELAYED(item->record), &value); + + else if (G_IS_RECORD_ITEM(item->record)) + result = g_record_item_get_value(G_RECORD_ITEM(item->record), &value); + + else + result = false; + + if (result) + { + switch (value.type) + { + case GVT_UNSIGNED_INTEGER: + *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, &value.unsigned_integer); + break; + + case GVT_SIGNED_INTEGER: + *out = g_scan_literal_expression_new(LVT_SIGNED_INTEGER, &value.signed_integer); + break; + + case GVT_FLOAT: + /* TODO */ + break; + + case GVT_BOOLEAN: + *out = g_scan_literal_expression_new(LVT_BOOLEAN, &value.status); + break; + + case GVT_BYTES: + *out = g_scan_literal_expression_new(LVT_STRING, &value.bytes); + break; + + default: + break; + + } + + EXIT_RESOLVED_VALUE(value); + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* index = indice de l'élément à cibler. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* * +* Description : Effectue une extraction d'élément à partir d'une série. * +* * +* Retour : Elément de série obtenu ou NULL si erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GObject *g_kaitai_browser_extract_at(GKaitaiBrowser *item, const GScanExpression *index, GScanContext *ctx, GScanScope *scope) +{ + GObject *result; /* Elément récupéré à renvoyer */ + GScanLiteralExpression *literal; /* Accès direct à l'indice */ + LiteralValueType vtype; /* Type de valeur portée */ + unsigned long long at; /* Valeur concrète du point */ + bool status; /* Bilan d'obtention d'indice */ + GRecordList *list; /* Accès direct à la liste */ + size_t count; /* Décompte total à considérer */ + GMatchRecord *found; /* Correspondance trouvée */ + char *path; + int ret; /* Statut de construction */ + + result = NULL; + + /* Validations préliminaires */ + + if (!G_IS_RECORD_LIST(item->record)) goto exit; + if (!G_IS_SCAN_LITERAL_EXPRESSION(index)) goto exit; + + literal = G_SCAN_LITERAL_EXPRESSION(index); + + vtype = g_scan_literal_expression_get_value_type(literal); + if (vtype != LVT_UNSIGNED_INTEGER) goto exit; + + status = g_scan_literal_expression_get_unsigned_integer_value(literal, &at); + if (!status) goto exit; + + list = G_RECORD_LIST(item->record); + + count = g_record_list_count_records(list); + if (at >= count) goto exit; + + /* Récupération de l'élément visé */ + + found = g_record_list_get_record(list, at); + if (found == NULL) goto exit; + + ret = asprintf(&path, "%s[%llu]", item->path, at); + assert(ret > 0); + + if (ret <= 0) + path = strdup("!?"); + + result = G_OBJECT(g_kaitai_browser_new(path, found)); + + free(path); + g_object_unref(G_OBJECT(found)); + + exit: + + return result; + +} diff --git a/plugins/kaitai/rost/browser.h b/plugins/kaitai/rost/browser.h new file mode 100644 index 0000000..89b9f6f --- /dev/null +++ b/plugins/kaitai/rost/browser.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * browser.h - prototypes pour le parcours des résultats d'analyse Kaitai pour ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef PLUGINS_KAITAI_ROST_BROWSER_H +#define PLUGINS_KAITAI_ROST_BROWSER_H + + +#include <glib-object.h> + + +#include "../record.h" + + + +#define G_TYPE_KAITAI_BROWSER g_kaitai_browser_get_type() +#define G_KAITAI_BROWSER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_KAITAI_BROWSER, GKaitaiBrowser)) +#define G_IS_KAITAI_BROWSER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_KAITAI_BROWSER)) +#define G_KAITAI_BROWSER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_KAITAI_BROWSER, GKaitaiBrowserClass)) +#define G_IS_KAITAI_BROWSER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_KAITAI_BROWSER)) +#define G_KAITAI_BROWSER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_KAITAI_BROWSER, GKaitaiBrowserClass)) + + +/* Parcours des résultats d'une analyse Kaitai pour ROST (instance) */ +typedef struct _GKaitaiBrowser GKaitaiBrowser; + +/* Parcours des résultats d'une analyse Kaitai pour ROST (classe) */ +typedef struct _GKaitaiBrowserClass GKaitaiBrowserClass; + + +/* Indique le type défini pour un parcours de correspondances Kaitai pour ROST. */ +GType g_kaitai_browser_get_type(void); + +/* Crée un nouveau parcours de correspondances Kaitai. */ +GKaitaiBrowser *g_kaitai_browser_new(const char *, GMatchRecord *); + + + +#endif /* PLUGINS_KAITAI_ROST_BROWSER_H */ diff --git a/plugins/kaitai/rost/core.c b/plugins/kaitai/rost/core.c new file mode 100644 index 0000000..8271389 --- /dev/null +++ b/plugins/kaitai/rost/core.c @@ -0,0 +1,66 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.c - mise à disposition d'un support Kaitai pour ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "core.h" + + +#include <core/global.h> + + +#include "space.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre un support de Kaitai pour ROST. * +* * +* Retour : Bilan du chargement mené. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_kaitai_support_to_rost(void) +{ + bool result; /* Bilan à retourner */ + GScanNamespace *root_ns; /* Espace de noms ROST racine */ + GScanNamespace *kaitai_ns; /* Espace de noms pour Kaitai */ + + result = true; + + root_ns = get_rost_root_namespace(); + + kaitai_ns = g_kaitai_namespace_new(); + + result = g_scan_namespace_register_item(root_ns, G_SCAN_REGISTERED_ITEM(kaitai_ns)); + + g_object_unref(G_OBJECT(kaitai_ns)); + + g_object_unref(G_OBJECT(root_ns)); + + return result; + +} diff --git a/plugins/kaitai/rost/core.h b/plugins/kaitai/rost/core.h new file mode 100644 index 0000000..6f810eb --- /dev/null +++ b/plugins/kaitai/rost/core.h @@ -0,0 +1,37 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.h - prototypes pour la mise à disposition d'un support Kaitai pour ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_ROST_CORE_H +#define _PLUGINS_KAITAI_ROST_CORE_H + + +#include <stdbool.h> + + + +/* Intègre un support de Kaitai pour ROST. */ +bool add_kaitai_support_to_rost(void); + + + +#endif /* _PLUGINS_KAITAI_ROST_CORE_H */ diff --git a/plugins/kaitai/rost/space-int.h b/plugins/kaitai/rost/space-int.h new file mode 100644 index 0000000..47ec707 --- /dev/null +++ b/plugins/kaitai/rost/space-int.h @@ -0,0 +1,55 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * space-int.h - prototypes internes pour la définition d'un espace de noms pour les fonctions de scan + * + * Copyright (C) 2022 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_ROST_SPACE_INT_H +#define _PLUGINS_KAITAI_ROST_SPACE_INT_H + + +#include "space.h" + + +#include <analysis/scan/space-int.h> + + + +/* Espace de noms avec chargement dynamique de définitions Kaitai (instance) */ +struct _GKaitaiNamespace +{ + GScanNamespace parent; /* A laisser en premier */ + +}; + +/* Espace de noms avec chargement dynamique de définitions Kaitai (classe) */ +struct _GKaitaiNamespaceClass +{ + GScanNamespaceClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un nouvel espace de noms pour scan. */ +bool g_kaitai_namespace_create(GKaitaiNamespace *); + + + +#endif /* _PLUGINS_KAITAI_ROST_SPACE_INT_H */ diff --git a/src/analysis/scan/exprs/counter.c b/plugins/kaitai/rost/space.c index 7fadb91..ee922d2 100644 --- a/src/analysis/scan/exprs/counter.c +++ b/plugins/kaitai/rost/space.c @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * counter.c - décompte de correspondances identifiées dans du contenu binaire + * space.c - définition d'un espace de noms pour les fonctions de scan * - * Copyright (C) 2023 Cyrille Bagard + * Copyright (C) 2022 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,53 +21,57 @@ */ -#include "counter.h" +#include "space.h" -#include "counter-int.h" -#include "literal.h" +#include <string.h> +#include "trigger.h" +#include "space-int.h" +#include "../import.h" -/* --------------------- INSTANCIATION D'UNE FORME DE CONDITION --------------------- */ -/* Initialise la classe des opérations booléennes. */ -static void g_scan_match_counter_class_init(GScanMatchCounterClass *); +/* ------------------------- SOCLE POUR LES ESPACES DE NOMS ------------------------- */ -/* Initialise une instance d'opération booléenne. */ -static void g_scan_match_counter_init(GScanMatchCounter *); + +/* Initialise la classe des espaces de noms dynamiques Kaitai. */ +static void g_kaitai_namespace_class_init(GKaitaiNamespaceClass *); + +/* Initialise une instance d'espace de noms dynamiques Kaitai. */ +static void g_kaitai_namespace_init(GKaitaiNamespace *); /* Supprime toutes les références externes. */ -static void g_scan_match_counter_dispose(GScanMatchCounter *); +static void g_kaitai_namespace_dispose(GKaitaiNamespace *); /* Procède à la libération totale de la mémoire. */ -static void g_scan_match_counter_finalize(GScanMatchCounter *); +static void g_kaitai_namespace_finalize(GKaitaiNamespace *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ -/* Réduit une expression à une forme plus simple. */ -static ScanReductionState g_scan_match_counter_reduce(const GScanMatchCounter *, GScanContext *, GScanScope *, GScanExpression **); +/* Lance une résolution d'élément à solliciter. */ +static bool g_kaitai_namespace_resolve(GKaitaiNamespace *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); /* ---------------------------------------------------------------------------------- */ -/* INSTANCIATION D'UNE FORME DE CONDITION */ +/* SOCLE POUR LES ESPACES DE NOMS */ /* ---------------------------------------------------------------------------------- */ -/* Indique le type défini pour un décompte de résultats lors d'une recherche de motifs. */ -G_DEFINE_TYPE(GScanMatchCounter, g_scan_match_counter, G_TYPE_SCAN_EXPRESSION); +/* Indique le type défini pour une définition d'espace de noms dynamique Kaitai. */ +G_DEFINE_TYPE(GKaitaiNamespace, g_kaitai_namespace, G_TYPE_SCAN_NAMESPACE); /****************************************************************************** * * * Paramètres : klass = classe à initialiser. * * * -* Description : Initialise la classe des opérations booléennes. * +* Description : Initialise la classe des espaces de noms dynamiques Kaitai. * * * * Retour : - * * * @@ -75,29 +79,28 @@ G_DEFINE_TYPE(GScanMatchCounter, g_scan_match_counter, G_TYPE_SCAN_EXPRESSION); * * ******************************************************************************/ -static void g_scan_match_counter_class_init(GScanMatchCounterClass *klass) +static void g_kaitai_namespace_class_init(GKaitaiNamespaceClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GScanExpressionClass *expr; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_match_counter_dispose; - object->finalize = (GObjectFinalizeFunc)g_scan_match_counter_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_kaitai_namespace_dispose; + object->finalize = (GObjectFinalizeFunc)g_kaitai_namespace_finalize; - expr = G_SCAN_EXPRESSION_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); - expr->cmp_rich = (compare_expr_rich_fc)NULL; - expr->reduce = (reduce_expr_fc)g_scan_match_counter_reduce; + registered->resolve = (resolve_registered_item_fc)g_kaitai_namespace_resolve; } /****************************************************************************** * * -* Paramètres : op = instance à initialiser. * +* Paramètres : space = instance à initialiser. * * * -* Description : Initialise une instance d'opération booléenne. * +* Description : Initialise une instance d'espace de noms dynamiques Kaitai. * * * * Retour : - * * * @@ -105,16 +108,15 @@ static void g_scan_match_counter_class_init(GScanMatchCounterClass *klass) * * ******************************************************************************/ -static void g_scan_match_counter_init(GScanMatchCounter *counter) +static void g_kaitai_namespace_init(GKaitaiNamespace *space) { - counter->pattern = NULL; } /****************************************************************************** * * -* Paramètres : op = instance d'objet GLib à traiter. * +* Paramètres : space = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * * * @@ -124,18 +126,16 @@ static void g_scan_match_counter_init(GScanMatchCounter *counter) * * ******************************************************************************/ -static void g_scan_match_counter_dispose(GScanMatchCounter *counter) +static void g_kaitai_namespace_dispose(GKaitaiNamespace *space) { - g_clear_object(&counter->pattern); - - G_OBJECT_CLASS(g_scan_match_counter_parent_class)->dispose(G_OBJECT(counter)); + G_OBJECT_CLASS(g_kaitai_namespace_parent_class)->dispose(G_OBJECT(space)); } /****************************************************************************** * * -* Paramètres : op = instance d'objet GLib à traiter. * +* Paramètres : space = instance d'objet GLib à traiter. * * * * Description : Procède à la libération totale de la mémoire. * * * @@ -145,32 +145,32 @@ static void g_scan_match_counter_dispose(GScanMatchCounter *counter) * * ******************************************************************************/ -static void g_scan_match_counter_finalize(GScanMatchCounter *counter) +static void g_kaitai_namespace_finalize(GKaitaiNamespace *space) { - G_OBJECT_CLASS(g_scan_match_counter_parent_class)->finalize(G_OBJECT(counter)); + G_OBJECT_CLASS(g_kaitai_namespace_parent_class)->finalize(G_OBJECT(space)); } /****************************************************************************** * * -* Paramètres : pattern = motif à impliquer. * +* Paramètres : - * * * -* Description : Met en place un décompte de correspondances obtenues. * +* Description : Construit un nouvel espace de noms dynamique pour Kaitai. * * * -* Retour : Expression mise en place. * +* Retour : Adresse de la structure mise en place. * * * * Remarques : - * * * ******************************************************************************/ -GScanExpression *g_scan_match_counter_new(GSearchPattern *pattern) +GScanNamespace *g_kaitai_namespace_new(void) { - GScanExpression *result; /* Structure à retourner */ + GScanNamespace *result; /* Instance à retourner */ - result = g_object_new(G_TYPE_SCAN_MATCH_COUNTER, NULL); + result = g_object_new(G_TYPE_KAITAI_NAMESPACE, NULL); - if (!g_scan_match_counter_create(G_SCAN_MATCH_COUNTER(result), pattern)) + if (!g_kaitai_namespace_create(G_KAITAI_NAMESPACE(result))) g_clear_object(&result); return result; @@ -180,10 +180,10 @@ GScanExpression *g_scan_match_counter_new(GSearchPattern *pattern) /****************************************************************************** * * -* Paramètres : counter = instance à initialiser pleinement. * -* pattern = motif à impliquer. * +* Paramètres : space = instance d'espace de noms à initialiser. * +* name = désignation du futur espace de noms. * * * -* Description : Met en place un compteur de correspondances. * +* Description : Met en place un nouvel espace de noms pour scan. * * * * Retour : Bilan de l'opération. * * * @@ -191,17 +191,11 @@ GScanExpression *g_scan_match_counter_new(GSearchPattern *pattern) * * ******************************************************************************/ -bool g_scan_match_counter_create(GScanMatchCounter *counter, GSearchPattern *pattern) +bool g_kaitai_namespace_create(GKaitaiNamespace *space) { bool result; /* Bilan à retourner */ - result = g_scan_expression_create(G_SCAN_EXPRESSION(counter), SRS_WAIT_FOR_SCAN); - if (!result) goto exit; - - counter->pattern = pattern; - g_object_ref(G_OBJECT(pattern)); - - exit: + result = g_scan_namespace_create(G_SCAN_NAMESPACE(space), "kaitai"); return result; @@ -216,12 +210,13 @@ bool g_scan_match_counter_create(GScanMatchCounter *counter, GSearchPattern *pat /****************************************************************************** * * -* Paramètres : expr = expression à consulter. * -* ctx = contexte de suivi de l'analyse courante. * -* scope = portée courante des variables locales. * -* out = zone d'enregistrement de la réduction opérée. [OUT] * +* Paramètres : item = élément d'appel à consulter. * +* target = désignation de l'objet d'appel à identifier. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT]* * * -* Description : Réduit une expression à une forme plus simple. * +* Description : Lance une résolution d'élément à solliciter. * * * * Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * * * @@ -229,22 +224,30 @@ bool g_scan_match_counter_create(GScanMatchCounter *counter, GSearchPattern *pat * * ******************************************************************************/ -static ScanReductionState g_scan_match_counter_reduce(const GScanMatchCounter *expr, GScanContext *ctx, GScanScope *scope, GScanExpression **out) +static bool g_kaitai_namespace_resolve(GKaitaiNamespace *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) { - ScanReductionState result; /* Etat synthétisé à retourner */ - size_t count; /* Quantité de correspondances */ + bool result; /* Bilan à retourner */ + GScanRegisteredItemClass *parent; /* Version de classe parente */ + GKaitaiStruct *kstruct; /* Lecteur de définition */ + + parent = G_SCAN_REGISTERED_ITEM_CLASS(g_kaitai_namespace_parent_class); - if (g_scan_context_is_scan_done(ctx)) + result = parent->resolve(G_SCAN_REGISTERED_ITEM(item), target, ctx, scope, out); + + if (!result) { - g_scan_context_get_full_matches(ctx, expr->pattern, &count); + kstruct = load_kaitai_definition(target, NULL); + + if (kstruct != NULL) + { + *out = g_kaitai_trigger_new(kstruct); + result = true; - *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ count }); + g_object_unref(G_OBJECT(kstruct)); - result = SRS_REDUCED; + } } - else - result = SRS_WAIT_FOR_SCAN; return result; diff --git a/plugins/kaitai/rost/space.h b/plugins/kaitai/rost/space.h new file mode 100644 index 0000000..5dcea5e --- /dev/null +++ b/plugins/kaitai/rost/space.h @@ -0,0 +1,59 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * space.h - prototypes pour la définition d'un espace de noms pour les fonctions de scan + * + * Copyright (C) 2022 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_ROST_SPACE_H +#define _PLUGINS_KAITAI_ROST_SPACE_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include <analysis/scan/space.h> + + + +#define G_TYPE_KAITAI_NAMESPACE g_kaitai_namespace_get_type() +#define G_KAITAI_NAMESPACE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_KAITAI_NAMESPACE, GKaitaiNamespace)) +#define G_IS_KAITAI_NAMESPACE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_KAITAI_NAMESPACE)) +#define G_KAITAI_NAMESPACE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_KAITAI_NAMESPACE, GKaitaiNamespaceClass)) +#define G_IS_KAITAI_NAMESPACE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_KAITAI_NAMESPACE)) +#define G_KAITAI_NAMESPACE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_KAITAI_NAMESPACE, GKaitaiNamespaceClass)) + + +/* Espace de noms avec chargement dynamique de définitions Kaitai (instance) */ +typedef struct _GKaitaiNamespace GKaitaiNamespace; + +/* Espace de noms avec chargement dynamique de définitions Kaitai (classe) */ +typedef struct _GKaitaiNamespaceClass GKaitaiNamespaceClass; + + +/* Indique le type défini pour une définition d'espace de noms dynamique Kaitai. */ +GType g_kaitai_namespace_get_type(void); + +/* Construit un nouvel espace de noms dynamique pour Kaitai. */ +GScanNamespace *g_kaitai_namespace_new(void); + + + +#endif /* _PLUGINS_KAITAI_ROST_SPACE_H */ diff --git a/plugins/kaitai/rost/trigger-int.h b/plugins/kaitai/rost/trigger-int.h new file mode 100644 index 0000000..6830cd7 --- /dev/null +++ b/plugins/kaitai/rost/trigger-int.h @@ -0,0 +1,59 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * trigger-int.h - prototypes internes pour l'accès à des définitions Kaitai depuis ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_KAITAI_ROST_TRIGGER_INT_H +#define _PLUGINS_KAITAI_ROST_TRIGGER_INT_H + + +#include <analysis/scan/item-int.h> + + +#include "trigger.h" + + + +/* Accès à une définition et déclenchement d'une analyse Kaitai depuis ROST (instance) */ +struct _GKaitaiTrigger +{ + GScanRegisteredItem parent; /* A laisser en premier */ + + char *name; /* Désignation arbitraire */ + + GKaitaiStruct *kstruct; /* Définition à décliner */ + +}; + +/* Accès à une définition et déclenchement d'une analyse Kaitai depuis ROST (classe) */ +struct _GKaitaiTriggerClass +{ + GScanRegisteredItemClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un accès à une définition Kaitai pour ROST. */ +bool g_kaitai_trigger_create(GKaitaiTrigger *, GKaitaiStruct *); + + + +#endif /* _PLUGINS_KAITAI_ROST_TRIGGER_INT_H */ diff --git a/plugins/kaitai/rost/trigger.c b/plugins/kaitai/rost/trigger.c new file mode 100644 index 0000000..6bb6e5d --- /dev/null +++ b/plugins/kaitai/rost/trigger.c @@ -0,0 +1,320 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * trigger.c - accès à des définitions Kaitai depuis ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "trigger.h" + + +#include <string.h> + + +#include "browser.h" +#include "trigger-int.h" + + + +/* ---------------------- ACCES ET DECLENCHEMENT D'UNE ANALYSE ---------------------- */ + + +/* Initialise la classe des accès aux définitions Kaitai. */ +static void g_kaitai_trigger_class_init(GKaitaiTriggerClass *); + +/* Initialise un accès à une définition Kaitai. */ +static void g_kaitai_trigger_init(GKaitaiTrigger *); + +/* Supprime toutes les références externes. */ +static void g_kaitai_trigger_dispose(GKaitaiTrigger *); + +/* Procède à la libération totale de la mémoire. */ +static void g_kaitai_trigger_finalize(GKaitaiTrigger *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Indique le nom associé à une expression d'évaluation. */ +static char *g_kaitai_trigger_get_name(const GKaitaiTrigger *); + +/* Lance une résolution d'élément à solliciter. */ +static bool g_kaitai_trigger_resolve(GKaitaiTrigger *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); + + + +/* ---------------------------------------------------------------------------------- */ +/* ACCES ET DECLENCHEMENT D'UNE ANALYSE */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour un accès à une définition Kaitai pour ROST. */ +G_DEFINE_TYPE(GKaitaiTrigger, g_kaitai_trigger, G_TYPE_SCAN_REGISTERED_ITEM); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des accès aux définitions Kaitai. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_trigger_class_init(GKaitaiTriggerClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_kaitai_trigger_dispose; + object->finalize = (GObjectFinalizeFunc)g_kaitai_trigger_finalize; + + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); + + registered->get_name = (get_registered_item_name_fc)g_kaitai_trigger_get_name; + registered->resolve = (resolve_registered_item_fc)g_kaitai_trigger_resolve; + +} + + +/****************************************************************************** +* * +* Paramètres : trigger = instance à initialiser. * +* * +* Description : Initialise un accès à une définition Kaitai. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_trigger_init(GKaitaiTrigger *trigger) +{ + trigger->name = NULL; + + trigger->kstruct = NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : trigger = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_trigger_dispose(GKaitaiTrigger *trigger) +{ + g_clear_object(&trigger->kstruct); + + G_OBJECT_CLASS(g_kaitai_trigger_parent_class)->dispose(G_OBJECT(trigger)); + +} + + +/****************************************************************************** +* * +* Paramètres : trigger = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_kaitai_trigger_finalize(GKaitaiTrigger *trigger) +{ + if (trigger->name != NULL) + free(trigger->name); + + G_OBJECT_CLASS(g_kaitai_trigger_parent_class)->finalize(G_OBJECT(trigger)); + +} + + +/****************************************************************************** +* * +* Paramètres : kstruct = définition Kaitai à manipuler avec du contenu. * +* * +* Description : Crée un nouvel accès à une définition Kaitai à instancier. * +* * +* Retour : Instance mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanRegisteredItem *g_kaitai_trigger_new(GKaitaiStruct *kstruct) +{ + GScanRegisteredItem *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_KAITAI_TRIGGER, NULL); + + if (!g_kaitai_trigger_create(G_KAITAI_TRIGGER(result), kstruct)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : trigger = lien vers une définition Kaitai à instancier. * +* kstruct = définition Kaitai à manipuler avec du contenu. * +* * +* Description : Met en place un accès à une définition Kaitai pour ROST. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_kaitai_trigger_create(GKaitaiTrigger *trigger, GKaitaiStruct *kstruct) +{ + bool result; /* Bilan à retourner */ + + result = true; + + trigger->kstruct = kstruct; + g_object_ref(G_OBJECT(trigger->kstruct)); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : trigger = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_kaitai_trigger_get_name(const GKaitaiTrigger *trigger) +{ + char *result; /* Désignation à retourner */ + GKaitaiMeta *meta; /* Eventuelles métadonnées */ + const char *id; /* Identifiant de définition */ + + if (trigger->name != NULL) + result = strdup(trigger->name); + + else + { + result = NULL; + + meta = g_kaitai_structure_get_meta(trigger->kstruct); + if (meta == NULL) goto done; + + id = g_kaitai_meta_get_id(meta); + if (id == NULL) goto done; + + result = strdup(id); + + g_object_unref(G_OBJECT(meta)); + + done: + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* target = désignation de l'objet d'appel à identifier. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT]* +* * +* Description : Lance une résolution d'élément à solliciter. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_kaitai_trigger_resolve(GKaitaiTrigger *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) +{ + bool result; /* Bilan à retourner */ + GKaitaiBrowser *browser; /* Navigateur pour résultats */ + GBinContent *content; /* Contenu binaire à analyser */ + GMatchRecord *record; /* Premier niveau de résultats */ + + browser = g_object_get_data(G_OBJECT(item), "kaitai_browser"); + + if (browser == NULL) + { + content = g_scan_context_get_content(ctx); + + record = g_kaitai_structure_parse(item->kstruct, content); + + g_object_unref(G_OBJECT(content)); + + if (record != NULL) + { + browser = g_kaitai_browser_new(NULL, record); + + g_object_set_data_full(G_OBJECT(item), "kaitai_browser", browser, g_object_unref); + + } + + } + + if (browser == NULL) + result = false; + + else + result = g_scan_registered_item_resolve(G_SCAN_REGISTERED_ITEM(browser), target, ctx, scope, out); + + return result; + +} diff --git a/plugins/kaitai/rost/trigger.h b/plugins/kaitai/rost/trigger.h new file mode 100644 index 0000000..f55e998 --- /dev/null +++ b/plugins/kaitai/rost/trigger.h @@ -0,0 +1,61 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * trigger.h - prototypes pour l'accès à des définitions Kaitai depuis ROST + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef PLUGINS_KAITAI_ROST_TRIGGER_H +#define PLUGINS_KAITAI_ROST_TRIGGER_H + + +#include <glib-object.h> + + +#include <analysis/scan/item.h> + + +#include "../parsers/struct.h" + + + +#define G_TYPE_KAITAI_TRIGGER g_kaitai_trigger_get_type() +#define G_KAITAI_TRIGGER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_KAITAI_TRIGGER, GKaitaiTrigger)) +#define G_IS_KAITAI_TRIGGER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_KAITAI_TRIGGER)) +#define G_KAITAI_TRIGGER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_KAITAI_TRIGGER, GKaitaiTriggerClass)) +#define G_IS_KAITAI_TRIGGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_KAITAI_TRIGGER)) +#define G_KAITAI_TRIGGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_KAITAI_TRIGGER, GKaitaiTriggerClass)) + + +/* Accès à une définition et déclenchement d'une analyse Kaitai depuis ROST (instance) */ +typedef struct _GKaitaiTrigger GKaitaiTrigger; + +/* Accès à une définition et déclenchement d'une analyse Kaitai depuis ROST (classe) */ +typedef struct _GKaitaiTriggerClass GKaitaiTriggerClass; + + +/* Indique le type défini pour un accès à une définition Kaitai pour ROST. */ +GType g_kaitai_trigger_get_type(void); + +/* Crée un nouvel accès à une définition Kaitai à instancier. */ +GScanRegisteredItem *g_kaitai_trigger_new(GKaitaiStruct *); + + + +#endif /* PLUGINS_KAITAI_ROST_TRIGGER_H */ diff --git a/plugins/kaitai/scope.c b/plugins/kaitai/scope.c index 6d1d47a..fad8890 100644 --- a/plugins/kaitai/scope.c +++ b/plugins/kaitai/scope.c @@ -231,7 +231,7 @@ GKaitaiType *find_sub_type(const kaitai_scope_t *locals, const char *name) size_t i; /* Boucle de parcours */ GKaitaiParser *parser; /* Lecteur d'origine */ - GMatchRecord *list[] = { locals->root, locals->parent, locals->last }; + GMatchRecord *list[] = { locals->last, locals->parent, locals->root }; result = NULL; diff --git a/plugins/kaitai/tokens.l b/plugins/kaitai/tokens.l index 3ddf40d..8c93299 100644 --- a/plugins/kaitai/tokens.l +++ b/plugins/kaitai/tokens.l @@ -91,7 +91,9 @@ "_root" { return ROOT; } "_parent" { return PARENT; } "_" { return LAST; } +"_io" { return IO; } "._io" { return METH_IO; } +".eof" { return IO_EOF; } "true" { return TRUE_CONST; } "false" { return FALSE_CONST; } diff --git a/plugins/pychrysalide/analysis/content.c b/plugins/pychrysalide/analysis/content.c index f94e3f7..c30cdd8 100644 --- a/plugins/pychrysalide/analysis/content.c +++ b/plugins/pychrysalide/analysis/content.c @@ -40,6 +40,7 @@ #include "cattribs.h" #include "constants.h" +#include "storage/serialize.h" #include "../access.h" #include "../helpers.h" #include "../arch/vmpa.h" @@ -49,8 +50,13 @@ /* ------------------------ GLUE POUR CREATION DEPUIS PYTHON ------------------------ */ -/* Procède à l'initialisation de l'interface de génération. */ -static void py_binary_content_interface_init(GBinContentIface *, gpointer *); +/* Initialise la classe générique des contenus de binaire. */ +static void py_binary_content_init_gclass(GBinContentClass *, gpointer); + +CREATE_DYN_ABSTRACT_CONSTRUCTOR(binary_content, G_TYPE_BIN_CONTENT, py_binary_content_init_gclass); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_binary_content_init(PyObject *, PyObject *, PyObject *); /* Fournit le nom associé au contenu binaire. */ static char *py_binary_content_describe_wrapper(const GBinContent *, bool); @@ -126,10 +132,10 @@ static PyObject *py_binary_content_get_data(PyObject *, void *); /****************************************************************************** * * -* Paramètres : iface = interface GLib à initialiser. * -* unused = adresse non utilisée ici. * +* Paramètres : class = classe à initialiser. * +* unused = données non utilisées ici. * * * -* Description : Procède à l'initialisation de l'interface de génération. * +* Description : Initialise la classe générique des contenus de binaire. * * * * Retour : - * * * @@ -137,21 +143,45 @@ static PyObject *py_binary_content_get_data(PyObject *, void *); * * ******************************************************************************/ -static void py_binary_content_interface_init(GBinContentIface *iface, gpointer *unused) +static void py_binary_content_init_gclass(GBinContentClass *class, gpointer unused) { + class->describe = py_binary_content_describe_wrapper; + + class->read_raw = py_binary_content_read_raw_wrapper; + class->read_u8 = py_binary_content_read_u8_wrapper; + class->read_u16 = py_binary_content_read_u16_wrapper; + class->read_u32 = py_binary_content_read_u32_wrapper; + class->read_u64 = py_binary_content_read_u64_wrapper; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_binary_content_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + #define BINARY_CONTENT_DOC \ - "The BinContent is an interface which handles access to a given binary" \ - " content.\n" \ + "A BinContent is an abstract object which handles access to a given" \ + " binary content.\n" \ "\n" \ "All of its implementations are located in the" \ " pychrysalide.analysis.contents module. The main implemantation is" \ " the pychrysalide.analysis.contents.FileContent class.\n" \ "\n" \ - "A typical class declaration for a new implementation looks like:\n" \ - "\n" \ - " class NewImplem(GObject.Object, BinContent):\n" \ - " ...\n" \ - "\n" \ "The following methods have to be defined for new implementations:\n" \ "* pychrysalide.analysis.BinContent._describe();\n" \ "* pychrysalide.analysis.BinContent._read_raw();\n" \ @@ -161,13 +191,12 @@ static void py_binary_content_interface_init(GBinContentIface *iface, gpointer * "* pychrysalide.analysis.BinContent._read_u32();\n" \ "* pychrysalide.analysis.BinContent._read_u64();\n" - iface->describe = py_binary_content_describe_wrapper; + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; - iface->read_raw = py_binary_content_read_raw_wrapper; - iface->read_u8 = py_binary_content_read_u8_wrapper; - iface->read_u16 = py_binary_content_read_u16_wrapper; - iface->read_u32 = py_binary_content_read_u32_wrapper; - iface->read_u64 = py_binary_content_read_u64_wrapper; + return 0; } @@ -1406,14 +1435,17 @@ PyTypeObject *get_python_binary_content_type(void) PyVarObject_HEAD_INIT(NULL, 0) .tp_name = "pychrysalide.analysis.BinContent", - .tp_basicsize = sizeof(PyObject), + .tp_basicsize = sizeof(PyGObject), .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = BINARY_CONTENT_DOC, .tp_methods = py_binary_content_methods, - .tp_getset = py_binary_content_getseters + .tp_getset = py_binary_content_getseters, + + .tp_init = py_binary_content_init, + .tp_new = py_binary_content_new, }; @@ -1440,23 +1472,18 @@ bool ensure_python_binary_content_is_registered(void) PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ - static GInterfaceInfo info = { /* Paramètres d'inscription */ - - .interface_init = (GInterfaceInitFunc)py_binary_content_interface_init, - .interface_finalize = NULL, - .interface_data = NULL, - - }; - type = get_python_binary_content_type(); if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) { + if (!ensure_python_serializable_object_is_registered()) + return false; + module = get_access_to_python_module("pychrysalide.analysis"); dict = PyModule_GetDict(module); - if (!register_interface_for_pygobject(dict, G_TYPE_BIN_CONTENT, type, &info)) + if (!register_class_for_pygobject(dict, G_TYPE_BIN_CONTENT, type)) return false; if (!define_analysis_content_constants(type)) diff --git a/plugins/pychrysalide/analysis/contents/encapsulated.c b/plugins/pychrysalide/analysis/contents/encapsulated.c index a818bab..e9583e6 100644 --- a/plugins/pychrysalide/analysis/contents/encapsulated.c +++ b/plugins/pychrysalide/analysis/contents/encapsulated.c @@ -28,18 +28,20 @@ #include <pygobject.h> -#include <analysis/contents/encapsulated.h> +#include <i18n.h> +#include <analysis/contents/encapsulated-int.h> #include "../content.h" -#include "../storage/serialize.h" #include "../../access.h" #include "../../helpers.h" -/* Crée un nouvel objet Python de type 'BinContent'. */ -static PyObject *py_encaps_content_new(PyTypeObject *, PyObject *, PyObject *); +CREATE_DYN_CONSTRUCTOR(encaps_content, G_TYPE_ENCAPS_CONTENT); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_encaps_content_init(PyObject *, PyObject *, PyObject *); /* Indique la base d'un contenu binaire encapsulé. */ static PyObject *py_encaps_content_get_base(PyObject *, void *); @@ -54,26 +56,25 @@ static PyObject *py_encaps_content_get_endpoint(PyObject *, void *); /****************************************************************************** * * -* Paramètres : type = type de l'objet à instancier. * +* Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * -* Description : Crée un nouvel objet Python de type 'BinContent'. * +* Description : Initialise une instance sur la base du dérivé de GObject. * * * -* Retour : Instance Python mise en place. * +* Retour : 0. * * * * Remarques : - * * * ******************************************************************************/ -static PyObject *py_encaps_content_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +static int py_encaps_content_init(PyObject *self, PyObject *args, PyObject *kwds) { - PyObject *result; /* Instance à retourner */ GBinContent *base; /* Base de l'extraction */ const char *path; /* Chemin vers le contenu final*/ GBinContent *endpoint; /* Contenu accessible au final */ int ret; /* Bilan de lecture des args. */ - GBinContent *content; /* Version GLib du contenu */ + GEncapsContent *content; /* Version GLib du contenu */ #define ENCAPS_CONTENT_DOC \ "EncapsulatedContent gathers items relative to a binary encapsulated" \ @@ -94,20 +95,30 @@ static PyObject *py_encaps_content_new(PyTypeObject *type, PyObject *args, PyObj " pychrysalide.analysis.BinContent instances and the access path must" \ " be provided as a string." + /* Récupération des paramètres */ + ret = PyArg_ParseTuple(args, "O&sO&", convert_to_binary_content, &base, &path, convert_to_binary_content, &endpoint); - if (!ret) return NULL; + if (!ret) return -1; - content = g_encaps_content_new(base, path, endpoint); + /* Initialisation d'un objet GLib */ - result = pygobject_new(G_OBJECT(content)); + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; - if (content != NULL) - g_object_unref(content); + /* Eléments de base */ - return result; + content = G_ENCAPS_CONTENT(pygobject_get(self)); + + if (!g_encaps_content_create(content, base, path, endpoint)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create encapsulated content.")); + return -1; + } + + return 0; } @@ -276,7 +287,9 @@ PyTypeObject *get_python_encaps_content_type(void) .tp_methods = py_encaps_content_methods, .tp_getset = py_encaps_content_getseters, - .tp_new = py_encaps_content_new + + .tp_init = py_encaps_content_init, + .tp_new = py_encaps_content_new, }; @@ -311,9 +324,6 @@ bool ensure_python_encaps_content_is_registered(void) dict = PyModule_GetDict(module); - if (!ensure_python_serializable_object_is_registered()) - return false; - if (!ensure_python_binary_content_is_registered()) return false; diff --git a/plugins/pychrysalide/analysis/contents/file.c b/plugins/pychrysalide/analysis/contents/file.c index 9552b6c..5bef069 100644 --- a/plugins/pychrysalide/analysis/contents/file.c +++ b/plugins/pychrysalide/analysis/contents/file.c @@ -28,18 +28,20 @@ #include <pygobject.h> -#include <analysis/contents/file.h> +#include <i18n.h> +#include <analysis/contents/file-int.h> #include "memory.h" -#include "../storage/serialize.h" #include "../../access.h" #include "../../helpers.h" -/* Crée un nouvel objet Python de type 'BinContent'. */ -static PyObject *py_file_content_new(PyTypeObject *, PyObject *, PyObject *); +CREATE_DYN_CONSTRUCTOR(file_content, G_TYPE_FILE_CONTENT); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_file_content_init(PyObject *, PyObject *, PyObject *); /* Fournit le nom de fichier associé au contenu binaire. */ static PyObject *py_file_content_get_filename(PyObject *, void *); @@ -48,24 +50,23 @@ static PyObject *py_file_content_get_filename(PyObject *, void *); /****************************************************************************** * * -* Paramètres : type = type de l'objet à instancier. * +* Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * -* Description : Crée un nouvel objet Python de type 'BinContent'. * +* Description : Initialise une instance sur la base du dérivé de GObject. * * * -* Retour : Instance Python mise en place. * +* Retour : 0. * * * * Remarques : - * * * ******************************************************************************/ -static PyObject *py_file_content_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +static int py_file_content_init(PyObject *self, PyObject *args, PyObject *kwds) { - PyObject *result; /* Instance à retourner */ const char *filename; /* Nom du fichier à charger */ int ret; /* Bilan de lecture des args. */ - GBinContent *content; /* Version GLib du contenu */ + GFileContent *content; /* Version GLib du contenu */ #define FILE_CONTENT_DOC \ "FileContent handles binary content loaded from a file.\n" \ @@ -76,17 +77,27 @@ static PyObject *py_file_content_new(PyTypeObject *type, PyObject *args, PyObjec "\n" \ "Where filename is a path to an existing file." + /* Récupération des paramètres */ + ret = PyArg_ParseTuple(args, "s", &filename); - if (!ret) return NULL; + if (!ret) return -1; - content = g_file_content_new(filename); + /* Initialisation d'un objet GLib */ - result = pygobject_new(G_OBJECT(content)); + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; - if (content != NULL) - g_object_unref(content); + /* Eléments de base */ - return result; + content = G_FILE_CONTENT(pygobject_get(self)); + + if (!g_file_content_create(content, filename)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create file content.")); + return -1; + } + + return 0; } @@ -163,7 +174,9 @@ PyTypeObject *get_python_file_content_type(void) .tp_methods = py_file_content_methods, .tp_getset = py_file_content_getseters, - .tp_new = py_file_content_new + + .tp_init = py_file_content_init, + .tp_new = py_file_content_new, }; @@ -201,9 +214,6 @@ bool ensure_python_file_content_is_registered(void) if (!ensure_python_memory_content_is_registered()) return false; - if (!ensure_python_serializable_object_is_registered()) - return false; - if (!register_class_for_pygobject(dict, G_TYPE_FILE_CONTENT, type)) return false; diff --git a/plugins/pychrysalide/analysis/contents/memory.c b/plugins/pychrysalide/analysis/contents/memory.c index b5448f0..7464779 100644 --- a/plugins/pychrysalide/analysis/contents/memory.c +++ b/plugins/pychrysalide/analysis/contents/memory.c @@ -28,42 +28,43 @@ #include <pygobject.h> -#include <analysis/contents/memory.h> +#include <i18n.h> +#include <analysis/contents/memory-int.h> #include "../content.h" -#include "../storage/serialize.h" #include "../../access.h" #include "../../helpers.h" -/* Crée un nouvel objet Python de type 'BinContent'. */ -static PyObject *py_memory_content_new(PyTypeObject *, PyObject *, PyObject *); +CREATE_DYN_CONSTRUCTOR(memory_content, G_TYPE_MEMORY_CONTENT); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_memory_content_init(PyObject *, PyObject *, PyObject *); /****************************************************************************** * * -* Paramètres : type = type de l'objet à instancier. * +* Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * -* Description : Crée un nouvel objet Python de type 'BinContent'. * +* Description : Initialise une instance sur la base du dérivé de GObject. * * * -* Retour : Instance Python mise en place. * +* Retour : 0. * * * * Remarques : - * * * ******************************************************************************/ -static PyObject *py_memory_content_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +static int py_memory_content_init(PyObject *self, PyObject *args, PyObject *kwds) { - PyObject *result; /* Instance à retourner */ const char *data; /* Tampon interne de Python */ Py_ssize_t length; /* Taille utilisé de ce tampon */ int ret; /* Bilan de lecture des args. */ - GBinContent *content; /* Version GLib du contenu */ + GMemoryContent *content; /* Version GLib du contenu */ #define MEMORY_CONTENT_DOC \ "MemoryContent builds a binary content from memory data only." \ @@ -76,22 +77,32 @@ static PyObject *py_memory_content_new(PyTypeObject *type, PyObject *args, PyObj "Where data is provided as string or read-only bytes-like object." \ " The string may contain embedded null bytes." + /* Récupération des paramètres */ + /** * La taille doit être de type 'int' et non 'Py_ssize_t', sinon les 32 bits * de poids fort ne sont pas initialisés ! */ ret = PyArg_ParseTuple(args, "s#", &data, &length); - if (!ret) return NULL; + if (!ret) return -1; + + /* Initialisation d'un objet GLib */ - content = g_memory_content_new((const bin_t *)data, length); + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; - result = pygobject_new(G_OBJECT(content)); + /* Eléments de base */ - if (content != NULL) - g_object_unref(content); + content = G_MEMORY_CONTENT(pygobject_get(self)); - return result; + if (!g_memory_content_create(content, (const bin_t *)data, length)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create memory content.")); + return -1; + } + + return 0; } @@ -131,7 +142,9 @@ PyTypeObject *get_python_memory_content_type(void) .tp_methods = py_memory_content_methods, .tp_getset = py_memory_content_getseters, - .tp_new = py_memory_content_new + + .tp_init = py_memory_content_init, + .tp_new = py_memory_content_new, }; @@ -166,9 +179,6 @@ bool ensure_python_memory_content_is_registered(void) dict = PyModule_GetDict(module); - if (!ensure_python_serializable_object_is_registered()) - return false; - if (!ensure_python_binary_content_is_registered()) return false; diff --git a/plugins/pychrysalide/analysis/contents/restricted.c b/plugins/pychrysalide/analysis/contents/restricted.c index 2609bb4..4521578 100644 --- a/plugins/pychrysalide/analysis/contents/restricted.c +++ b/plugins/pychrysalide/analysis/contents/restricted.c @@ -31,19 +31,21 @@ #include <i18n.h> -#include <analysis/contents/restricted.h> +#include <i18n.h> +#include <analysis/contents/restricted-int.h> #include "../content.h" -#include "../storage/serialize.h" #include "../../access.h" #include "../../helpers.h" #include "../../arch/vmpa.h" -/* Crée un nouvel objet Python de type 'BinContent'. */ -static PyObject *py_restricted_content_new(PyTypeObject *, PyObject *, PyObject *); +CREATE_DYN_CONSTRUCTOR(restricted_content, G_TYPE_RESTRICTED_CONTENT); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_restricted_content_init(PyObject *, PyObject *, PyObject *); /* Indique l'espace de restriction appliqué à un contenu. */ static PyObject *py_restricted_content_get_range(PyObject *, void *); @@ -52,25 +54,24 @@ static PyObject *py_restricted_content_get_range(PyObject *, void *); /****************************************************************************** * * -* Paramètres : type = type de l'objet à instancier. * +* Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * -* Description : Crée un nouvel objet Python de type 'BinContent'. * +* Description : Initialise une instance sur la base du dérivé de GObject. * * * -* Retour : Instance Python mise en place. * +* Retour : 0. * * * * Remarques : - * * * ******************************************************************************/ -static PyObject *py_restricted_content_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +static int py_restricted_content_init(PyObject *self, PyObject *args, PyObject *kwds) { - PyObject *result; /* Instance à retourner */ - GBinContent *content; /* Instance GLib correspondante*/ + GBinContent *internal; /* Instance GLib correspondante*/ mrange_t range; /* Restriction à appliquer */ int ret; /* Bilan de lecture des args. */ - GBinContent *restricted; /* Création GLib à transmettre */ + GRestrictedContent *content; /* Version GLib du contenu */ #define RESTRICTED_CONTENT_DOC \ "RestrictedContent restricts access to a given area for a binary content." \ @@ -82,14 +83,27 @@ static PyObject *py_restricted_content_new(PyTypeObject *type, PyObject *args, P "Where content is a pychrysalide.analysis.BinContent instance and range" \ " a Python object which can be converted into pychrysalide.arch.mrange." - ret = PyArg_ParseTuple(args, "O&O&", convert_to_binary_content, &content, convert_any_to_mrange, &range); - if (!ret) return NULL; + /* Récupération des paramètres */ - restricted = g_restricted_content_new(content, &range); + ret = PyArg_ParseTuple(args, "O&O&", convert_to_binary_content, &internal, convert_any_to_mrange, &range); + if (!ret) return -1; - result = pygobject_new(G_OBJECT(restricted)); + /* Initialisation d'un objet GLib */ - return result; + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + /* Eléments de base */ + + content = G_RESTRICTED_CONTENT(pygobject_get(self)); + + if (!g_restricted_content_create(content, internal, &range)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create restricted content.")); + return -1; + } + + return 0; } @@ -166,7 +180,9 @@ PyTypeObject *get_python_restricted_content_type(void) .tp_methods = py_restricted_content_methods, .tp_getset = py_restricted_content_getseters, - .tp_new = py_restricted_content_new + + .tp_init = py_restricted_content_init, + .tp_new = py_restricted_content_new, }; @@ -201,9 +217,6 @@ bool ensure_python_restricted_content_is_registered(void) dict = PyModule_GetDict(module); - if (!ensure_python_serializable_object_is_registered()) - return false; - if (!ensure_python_binary_content_is_registered()) return false; diff --git a/plugins/pychrysalide/analysis/scan/Makefile.am b/plugins/pychrysalide/analysis/scan/Makefile.am index 32bf1e3..8c9fb77 100644 --- a/plugins/pychrysalide/analysis/scan/Makefile.am +++ b/plugins/pychrysalide/analysis/scan/Makefile.am @@ -13,9 +13,10 @@ libpychrysaanalysisscan_la_SOURCES = \ space.h space.c libpychrysaanalysisscan_la_LIBADD = \ + exprs/libpychrysaanalysisscanexprs.la \ patterns/libpychrysaanalysisscanpatterns.la -libpychrysaanalysisscan_la_CFLAGS = $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) $(TOOLKIT_CFLAGS) \ +libpychrysaanalysisscan_la_CFLAGS = $(LIBPYTHON_INTERPRETER_CFLAGS) $(LIBPYGOBJECT_CFLAGS) $(TOOLKIT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT @@ -24,4 +25,4 @@ devdir = $(includedir)/chrysalide/$(subdir) dev_HEADERS = $(libpychrysaanalysisscan_la_SOURCES:%c=) -SUBDIRS = patterns +SUBDIRS = exprs patterns diff --git a/plugins/pychrysalide/analysis/scan/constants.c b/plugins/pychrysalide/analysis/scan/constants.c index 7ada8d3..d030df2 100644 --- a/plugins/pychrysalide/analysis/scan/constants.c +++ b/plugins/pychrysalide/analysis/scan/constants.c @@ -51,7 +51,7 @@ bool define_expression_value_type_constants(PyTypeObject *type) values = PyDict_New(); - result = add_const_to_group(values, "SRS_PENDING", SRS_PENDING); + result = add_const_to_group(values, "PENDING", SRS_PENDING); if (result) result = add_const_to_group(values, "REDUCED", SRS_REDUCED); if (result) result = add_const_to_group(values, "WAIT_FOR_SCAN", SRS_WAIT_FOR_SCAN); if (result) result = add_const_to_group(values, "UNRESOLVABLE", SRS_UNRESOLVABLE); diff --git a/plugins/pychrysalide/analysis/scan/context.c b/plugins/pychrysalide/analysis/scan/context.c index 8f29457..9becaf7 100644 --- a/plugins/pychrysalide/analysis/scan/context.c +++ b/plugins/pychrysalide/analysis/scan/context.c @@ -32,10 +32,11 @@ #include <analysis/content.h> #include <analysis/scan/context-int.h> #include <analysis/scan/expr.h> -#include <plugins/pychrysalide/access.h> -#include <plugins/pychrysalide/helpers.h> -#include <plugins/pychrysalide/analysis/content.h> -#include <plugins/pychrysalide/analysis/scan/expr.h> + +#include "expr.h" +#include "../content.h" +#include "../../access.h" +#include "../../helpers.h" @@ -50,6 +51,12 @@ static PyObject *py_scan_context_mark_scan_as_done(PyObject *, PyObject *); /* Indique si une correspondance globale a pu être établie. */ static PyObject *py_scan_context_has_match_for_rule(PyObject *, PyObject *); +/* Fournit une référence au contenu principal analysé. */ +static PyObject *py_scan_context_get_content(PyObject *, void *); + +/* Définit le contenu principal à analyser. */ +static int py_scan_context_set_content(PyObject *, PyObject *, void *); + /* Indique si la phase d'analyse de contenu est terminée. */ static PyObject *py_scan_context_is_scan_done(PyObject *, void *); @@ -183,6 +190,79 @@ static PyObject *py_scan_context_has_match_for_rule(PyObject *self, PyObject *ar /****************************************************************************** * * +* Paramètres : self = classe représentant une routine binaire. * +* closure = adresse non utilisée ici. * +* * +* Description : Fournit une référence au contenu principal analysé. * +* * +* Retour : Content binaire associé au context. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_scan_context_get_content(PyObject *self, void *closure) +{ + PyObject *result; /* Eléments à retourner */ + GScanContext *context; /* Version native */ + GBinContent *content; /* Contenu binaire à référencer*/ + +#define SCAN_CONTEXT_CONTENT_ATTRIB PYTHON_GETSET_DEF_FULL \ +( \ + content, py_scan_context, \ + "Link to the scanned binary content.\n" \ + "\n" \ + "The result is a pychrysalide.analysis.BinContent for" \ + " fully initialized context." \ +) + + context = G_SCAN_CONTEXT(pygobject_get(self)); + content = g_scan_context_get_content(context); + + result = pygobject_new(G_OBJECT(content)); + + g_object_unref(G_OBJECT(content)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = objet Python concerné par l'appel. * +* value = valeur fournie à intégrer ou prendre en compte. * +* closure = non utilisé ici. * +* * +* Description : Définit le contenu principal à analyser. * +* * +* Retour : Content binaire associé au context. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_context_set_content(PyObject *self, PyObject *value, void *closure) +{ + GScanContext *context; /* Elément à consulter */ + int ret; /* Bilan de lecture des args. */ + GBinContent *content; /* Contenu binaire à référencer*/ + + ret = PyObject_IsInstance(value, (PyObject *)get_python_binary_content_type()); + if (!ret) return -1; + + context = G_SCAN_CONTEXT(pygobject_get(self)); + content = G_BIN_CONTENT(pygobject_get(value)); + + // FIXME g_scan_context_set_content(context, content); + + return 0; + +} + + +/****************************************************************************** +* * * Paramètres : self = objet Python concerné par l'appel. * * closure = non utilisé ici. * * * @@ -242,6 +322,7 @@ PyTypeObject *get_python_scan_context_type(void) }; static PyGetSetDef py_scan_context_getseters[] = { + SCAN_CONTEXT_CONTENT_ATTRIB, SCAN_CONTEXT_IS_SCAN_DONE_ATTRIB, { NULL } }; diff --git a/plugins/pychrysalide/analysis/scan/core.c b/plugins/pychrysalide/analysis/scan/core.c index f609f7d..16df9a9 100644 --- a/plugins/pychrysalide/analysis/scan/core.c +++ b/plugins/pychrysalide/analysis/scan/core.c @@ -37,18 +37,6 @@ -/* #include <malloc.h> */ - -/* #include <i18n.h> */ -/* #include <arch/processor.h> */ -/* #include <core/processors.h> */ - -/* #include "../core.h" */ - -/* #include "../arch/processor.h" */ - - - /* Inscrit un modificateur dans la liste des disponibles. */ static PyObject *py_scan_register_token_modifier(PyObject *, PyObject *); @@ -119,7 +107,8 @@ static PyObject *py_scan_register_token_modifier(PyObject *self, PyObject *args) static PyObject *py_scan_find_token_modifiers_for_name(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à retourner */ - const char *name; /* Nom d'appel à rechercher */ + sized_string_t name; /* Nom d'appel à rechercher */ + Py_ssize_t len; /* Taille de ce nom */ int ret; /* Bilan de lecture des args. */ GScanTokenModifier *modifier; /* Instance mise en place */ @@ -135,10 +124,12 @@ static PyObject *py_scan_find_token_modifiers_for_name(PyObject *self, PyObject " if no instance was found for the provided name." \ ) - ret = PyArg_ParseTuple(args, "s", &name); + ret = PyArg_ParseTuple(args, "s#", &name.static_data, &len); if (!ret) return NULL; - modifier = find_scan_token_modifiers_for_name(name); + name.len = len; + + modifier = find_scan_token_modifiers_for_name(&name); if (modifier != NULL) { diff --git a/plugins/pychrysalide/analysis/scan/expr.c b/plugins/pychrysalide/analysis/scan/expr.c index 3622e9b..2d8245a 100644 --- a/plugins/pychrysalide/analysis/scan/expr.c +++ b/plugins/pychrysalide/analysis/scan/expr.c @@ -107,7 +107,7 @@ static int py_scan_expression_init(PyObject *self, PyObject *args, PyObject *kwd " the following arguments as keyword parameters:\n" \ "* *state*: initial state of reduction for the expression, as a" \ " pychrysalide.analysis.scan.ScanExpression.ScanReductionState" \ - " value." \ + " value." \ "\n" \ "The following methods have to be defined for new classes:\n" \ "* pychrysalide.analysis.scan.ScanExpression._cmp_rich().\n" diff --git a/plugins/pychrysalide/analysis/scan/expr.h b/plugins/pychrysalide/analysis/scan/expr.h index 00ab28d..42f5350 100644 --- a/plugins/pychrysalide/analysis/scan/expr.h +++ b/plugins/pychrysalide/analysis/scan/expr.h @@ -37,7 +37,7 @@ PyTypeObject *get_python_scan_expression_type(void); /* Prend en charge l'objet 'pychrysalide.analysis.scan.ScanExpression'. */ bool ensure_python_scan_expression_is_registered(void); -/* Tente de convertir en fonction d'analyse pour scan. */ +/* Tente de convertir en expression d'évaluation généraliste. */ int convert_to_scan_expression(PyObject *, void *); diff --git a/plugins/pychrysalide/analysis/scan/exprs/Makefile.am b/plugins/pychrysalide/analysis/scan/exprs/Makefile.am new file mode 100644 index 0000000..e40d4de --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/Makefile.am @@ -0,0 +1,15 @@ + +noinst_LTLIBRARIES = libpychrysaanalysisscanexprs.la + +libpychrysaanalysisscanexprs_la_SOURCES = \ + constants.h constants.c \ + literal.h literal.c \ + module.h module.c + +libpychrysaanalysisscanexprs_la_CFLAGS = $(LIBPYTHON_INTERPRETER_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + $(TOOLKIT_CFLAGS) -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT + + +devdir = $(includedir)/chrysalide/$(subdir) + +dev_HEADERS = $(libpychrysaanalysisscanexprs_la_SOURCES:%c=) diff --git a/plugins/pychrysalide/analysis/scan/exprs/constants.c b/plugins/pychrysalide/analysis/scan/exprs/constants.c new file mode 100644 index 0000000..b11ac4c --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/constants.c @@ -0,0 +1,128 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * constants.c - ajout des constantes de base pour les expressions + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "constants.h" + + +#include <analysis/scan/exprs/literal.h> + + +#include "../../../helpers.h" + + + +/****************************************************************************** +* * +* Paramètres : type = type dont le dictionnaire est à compléter. * +* * +* Description : Définit les constantes relatives aux expressions de scan. * +* * +* Retour : true en cas de succès de l'opération, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool define_literal_expression_value_type_constants(PyTypeObject *type) +{ + bool result; /* Bilan à retourner */ + PyObject *values; /* Groupe de valeurs à établir */ + + values = PyDict_New(); + + result = add_const_to_group(values, "LVT_BOOLEAN", LVT_BOOLEAN); + if (result) result = add_const_to_group(values, "SIGNED_INTEGER", LVT_SIGNED_INTEGER); + if (result) result = add_const_to_group(values, "UNSIGNED_INTEGER", LVT_UNSIGNED_INTEGER); + if (result) result = add_const_to_group(values, "STRING", LVT_STRING); + + if (!result) + { + Py_DECREF(values); + goto exit; + } + + result = attach_constants_group_to_type(type, false, "LiteralValueType", values, + "Type of value carried by a literal scan expression."); + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en constante LiteralValueType. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_literal_expression_value_type(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + unsigned long value; /* Valeur transcrite */ + + result = PyObject_IsInstance(arg, (PyObject *)&PyLong_Type); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to LiteralValueType"); + break; + + case 1: + value = PyLong_AsUnsignedLong(arg); + + if (value > LVT_REG_EXPR) + { + PyErr_SetString(PyExc_TypeError, "invalid value for LiteralValueType"); + result = 0; + } + + else + *((LiteralValueType *)dst) = value; + + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/pychrysalide/analysis/scan/exprs/constants.h b/plugins/pychrysalide/analysis/scan/exprs/constants.h new file mode 100644 index 0000000..e5b8e8c --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/constants.h @@ -0,0 +1,42 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * constants.h - prototypes pour l'ajout des constantes de base pour les expressions + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_CONSTANTS_H +#define _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_CONSTANTS_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Définit les constantes relatives aux expressions litérales. */ +bool define_literal_expression_value_type_constants(PyTypeObject *); + +/* Tente de convertir en constante LiteralValueType. */ +int convert_to_literal_expression_value_type(PyObject *, void *); + + + +#endif /* _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_CONSTANTS_H */ diff --git a/plugins/pychrysalide/analysis/scan/exprs/literal.c b/plugins/pychrysalide/analysis/scan/exprs/literal.c new file mode 100644 index 0000000..d7ae002 --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/literal.c @@ -0,0 +1,281 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * literal.c - équivalent Python du fichier "analysis/scan/exprs/literal.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "literal.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <analysis/scan/exprs/literal-int.h> + + +#include "constants.h" +#include "../expr.h" +#include "../../../access.h" +#include "../../../helpers.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_literal_expression, G_TYPE_SCAN_LITERAL_EXPRESSION); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_literal_expression_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_literal_expression_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + PyObject *py_value; /* Valeur en version Python */ + int ret; /* Bilan de lecture des args. */ + LiteralValueType vtype; /* Valeur à porter */ + bool arg_boolean; /* Argument natif booléen */ + unsigned long long arg_uinteger; /* Argument natif entier */ + sized_string_t arg_string; /* Argument natif textuel */ + Py_ssize_t arg_str_length; /* Taille de ce texte */ + void *arg_ptr; /* Pointeur vers un argument */ + GScanLiteralExpression *expr; /* Création GLib à transmettre */ + +#define SCAN_LITERAL_EXPRESSION_DOC \ + "A ScanLiteralExpression object defines expression carrying" \ + " literal values available for scan match conditions.\n" \ + "\n" \ + "Instances can be created using one of the following" \ + " constructors:\n" \ + "\n" \ + " ScanLiteralExpression(value)" \ + "\n" \ + "\n" \ + "Where *value* is either a boolean, an integer or bytes." + + /* Récupération des paramètres */ + + ret = PyArg_ParseTuple(args, "O", &py_value); + if (!ret) return -1; + + if (PyBool_Check(py_value)) + { + vtype = LVT_BOOLEAN; + + arg_boolean = (py_value == Py_True); + arg_ptr = &arg_boolean; + + } + + else if (PyLong_Check(py_value)) + { + if (1 /* sign - TODO */) + ; + + vtype = LVT_UNSIGNED_INTEGER; + + arg_uinteger = PyLong_AsUnsignedLongLong(py_value); + arg_ptr = &arg_uinteger; + + } + + else if (PyBytes_Check(py_value)) + { + vtype = LVT_STRING; + + ret = PyBytes_AsStringAndSize(py_value, &arg_string.data, &arg_str_length); + if (ret == -1) return -1; + + arg_string.len = arg_str_length; + arg_ptr = &arg_string; + + } + + else + { + PyErr_SetString(PyExc_ValueError, _("Unsupported Python value for a literal scan expression.")); + return -1; + } + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + /* Eléments de base */ + + expr = G_SCAN_LITERAL_EXPRESSION(pygobject_get(self)); + + if (!g_scan_literal_expression_create(expr, vtype, arg_ptr)) + { + PyErr_SetString(PyExc_ValueError, _("Unable to create literal expression.")); + return -1; + } + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_literal_expression_type(void) +{ + static PyMethodDef py_scan_literal_expression_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_literal_expression_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_literal_expression_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.exprs.ScanLiteralExpression", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_LITERAL_EXPRESSION_DOC, + + .tp_methods = py_scan_literal_expression_methods, + .tp_getset = py_scan_literal_expression_getseters, + + .tp_init = py_scan_literal_expression_init, + .tp_new = py_scan_literal_expression_new, + + }; + + return &py_scan_literal_expression_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....PlainModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_literal_expression_is_registered(void) +{ + PyTypeObject *type; /* Type Python 'PlainModifier' */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_literal_expression_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.exprs"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_scan_expression_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_LITERAL_EXPRESSION, type)) + return false; + + if (!define_literal_expression_value_type_constants(type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transmission d'octets à l'identique. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_literal_expression(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_literal_expression_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to scan literal expression"); + break; + + case 1: + *((GScanLiteralExpression **)dst) = G_SCAN_LITERAL_EXPRESSION(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/pychrysalide/analysis/scan/exprs/literal.h b/plugins/pychrysalide/analysis/scan/exprs/literal.h new file mode 100644 index 0000000..8e7ea70 --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/literal.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * literal.h - équivalent Python du fichier "analysis/scan/exprs/literal.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_LITERAL_H +#define _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_LITERAL_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_literal_expression_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.exprs.ScanLiteralExpression'. */ +bool ensure_python_scan_literal_expression_is_registered(void); + +/* Tente de convertir en transmission d'octets à l'identique. */ +int convert_to_scan_literal_expression(PyObject *, void *); + + + +#endif /* _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_LITERAL_H */ diff --git a/plugins/pychrysalide/analysis/scan/exprs/module.c b/plugins/pychrysalide/analysis/scan/exprs/module.c new file mode 100644 index 0000000..4f38430 --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/module.c @@ -0,0 +1,103 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire exprs en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include <assert.h> + + +#include "literal.h" +#include "../../../helpers.h" + + + +/****************************************************************************** +* * +* Paramètres : super = module dont la définition est à compléter. * +* * +* Description : Ajoute le module 'analysis....modifiers' à un module Python. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_analysis_scan_exprs_module(PyObject *super) +{ + bool result; /* Bilan à retourner */ + PyObject *module; /* Sous-module mis en place */ + +#define PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_MODULE_DOC \ + "This module provide expressions used to build a match condition." + + static PyModuleDef py_chrysalide_analysis_scan_exprs_module = { + + .m_base = PyModuleDef_HEAD_INIT, + + .m_name = "pychrysalide.analysis.scan.exprs", + .m_doc = PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_MODULE_DOC, + + .m_size = -1, + + }; + + module = build_python_module(super, &py_chrysalide_analysis_scan_exprs_module); + + result = (module != NULL); + + if (!result) + Py_XDECREF(module); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Intègre les objets du module 'analysis...patterns.modifiers'.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool populate_analysis_scan_exprs_module(void) +{ + bool result; /* Bilan à retourner */ + + result = true; + + if (result) result = ensure_python_scan_literal_expression_is_registered(); + + assert(result); + + return result; + +} diff --git a/plugins/pychrysalide/analysis/scan/exprs/module.h b/plugins/pychrysalide/analysis/scan/exprs/module.h new file mode 100644 index 0000000..ee4b8ab --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/exprs/module.h @@ -0,0 +1,42 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire exprs en tant que module + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_MODULE_H +#define _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_MODULE_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Ajoute le module 'analysis.scan.exprs' à un module Python. */ +bool add_analysis_scan_exprs_module(PyObject *); + +/* Intègre les objets du module 'analysis.scan.exprs'. */ +bool populate_analysis_scan_exprs_module(void); + + + +#endif /* _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_EXPRS_MODULE_H */ diff --git a/plugins/pychrysalide/analysis/scan/item.c b/plugins/pychrysalide/analysis/scan/item.c index 959694e..014ae24 100644 --- a/plugins/pychrysalide/analysis/scan/item.c +++ b/plugins/pychrysalide/analysis/scan/item.c @@ -38,14 +38,68 @@ -CREATE_DYN_CONSTRUCTOR(registered_item, G_TYPE_REGISTERED_ITEM); +/* ------------------------ GLUE POUR CREATION DEPUIS PYTHON ------------------------ */ + + +/* Initialise la classe des éléments appelables enregistrés. */ +static void py_scan_registered_item_init_gclass(GScanRegisteredItemClass *, gpointer); + +CREATE_DYN_ABSTRACT_CONSTRUCTOR(scan_registered_item, G_TYPE_SCAN_REGISTERED_ITEM, py_scan_registered_item_init_gclass); /* Initialise une instance sur la base du dérivé de GObject. */ -static int py_registered_item_init(PyObject *, PyObject *, PyObject *); +static int py_scan_registered_item_init(PyObject *, PyObject *, PyObject *); + +/* Indique le nom associé à une expression d'évaluation. */ +static char *py_scan_registered_item_get_name_wrapper(const GScanRegisteredItem *); + +/* Lance une résolution d'élément à solliciter. */ +static bool py_scan_registered_item_resolve_wrapper(GScanRegisteredItem *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); + +/* Réduit une expression à une forme plus simple. */ +static bool py_scan_registered_item_reduce_wrapper(GScanRegisteredItem *, GScanContext *, GScanScope *, GScanExpression **); + +/* Effectue un appel à une fonction enregistrée. */ +static bool py_scan_registered_item_run_call_wrapper(GScanRegisteredItem *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + + + +/* ------------------------- CONNEXION AVEC L'API DE PYTHON ------------------------- */ + /* Lance une résolution d'élément à appeler. */ -static PyObject *py_registered_item_resolve(PyObject *, PyObject *); +static PyObject *py_scan_registered_item_resolve(PyObject *, PyObject *); + +/* Fournit le désignation associée à un composant nommé. */ +static PyObject *py_scan_registered_item_get_name(PyObject *, void *); + + + +/* ---------------------------------------------------------------------------------- */ +/* GLUE POUR CREATION DEPUIS PYTHON */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : class = classe à initialiser. * +* unused = données non utilisées ici. * +* * +* Description : Initialise la classe des éléments appelables enregistrés. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ +static void py_scan_registered_item_init_gclass(GScanRegisteredItemClass *class, gpointer unused) +{ + class->get_name = py_scan_registered_item_get_name_wrapper; + class->resolve = py_scan_registered_item_resolve_wrapper; + class->reduce = py_scan_registered_item_reduce_wrapper; + class->run_call = py_scan_registered_item_run_call_wrapper; + +} /****************************************************************************** @@ -62,17 +116,26 @@ static PyObject *py_registered_item_resolve(PyObject *, PyObject *); * * ******************************************************************************/ -static int py_registered_item_init(PyObject *self, PyObject *args, PyObject *kwds) +static int py_scan_registered_item_init(PyObject *self, PyObject *args, PyObject *kwds) { int ret; /* Bilan de lecture des args. */ -#define REGISTERED_ITEM_DOC \ - "The *RegisteredItem* class defines the basics for evaluation" \ - " items involved into content scanning.\n" \ +#define SCAN_REGISTERED_ITEM_DOC \ + "The *RegisteredItem* class is an abstract definition which is" \ + " the base for all keywords involved in a match condition" \ + " expression.\n" \ "\n" \ - "Instances can be created using the following constructor:\n" \ + "Calls to the *__init__* constructor of this abstract object" \ + " expect no particular argument.\n" \ "\n" \ - " RegisteredItem()" + "The following methods have to be defined for new classes:\n" \ + "* pychrysalide.analysis.scan.RegisteredItem._resolve();\n" \ + "* pychrysalide.analysis.scan.RegisteredItem._reduce();\n" \ + "* pychrysalide.analysis.scan.RegisteredItem._call().\n" \ + "\n" \ + "One item has to be defined as class attributes in the final" \ + " class:\n" \ + "* pychrysalide.analysis.scan.RegisteredItem._name.\n" /* Initialisation d'un objet GLib */ @@ -86,6 +149,338 @@ static int py_registered_item_init(PyObject *self, PyObject *args, PyObject *kwd /****************************************************************************** * * +* Paramètres : item = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *py_scan_registered_item_get_name_wrapper(const GScanRegisteredItem *item) +{ + char *result; /* Désignation à retourner */ + PyGILState_STATE gstate; /* Sauvegarde d'environnement */ + PyObject *pyobj; /* Objet Python concerné */ + PyObject *pyname; /* Nom en objet Python */ + int ret; /* Bilan d'une conversion */ + +#define SCAN_REGISTERED_ITEM_NAME_ATTRIB_WRAPPER PYTHON_GETTER_WRAPPER_DEF \ +( \ + _name, \ + "Provide the keyword of the expression item to be evaluated.\n" \ + "\n" \ + "The result has to be a string." \ +) + + result = NULL; + + gstate = PyGILState_Ensure(); + + pyobj = pygobject_new(G_OBJECT(item)); + + if (PyObject_HasAttrString(pyobj, "_name")) + { + pyname = PyObject_GetAttrString(pyobj, "_name"); + + if (pyname != NULL) + { + ret = PyUnicode_Check(pyname); + + if (ret) + result = strdup(PyUnicode_AsUTF8(pyname)); + + Py_DECREF(pyname); + + } + + } + + Py_DECREF(pyobj); + + PyGILState_Release(gstate); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* target = désignation de l'objet d'appel à identifier. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT]* +* * +* Description : Lance une résolution d'élément à solliciter. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool py_scan_registered_item_resolve_wrapper(GScanRegisteredItem *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) +{ + bool result; /* Bilan à retourner */ + PyGILState_STATE gstate; /* Sauvegarde d'environnement */ + PyObject *pyobj; /* Objet Python concerné */ + PyObject *args; /* Arguments pour l'appel */ + PyObject *pyret; /* Bilan de consultation */ + GObject *gobj_ret; /* Bilan natif de consultation */ + +#define SCAN_REGISTERED_ITEM_RESOLVE_WRAPPER PYTHON_WRAPPER_DEF \ +( \ + _cmp_rich, "$self, target, ctx, scope, /", \ + METH_VARARGS, \ + "Abstract method used to resolve an item by name.\n" \ + "\n" \ + "The *target* argument provide the name of the searched item;" \ + " *ctx* is a pychrysalide.analysis.scan.ScanContext instance" \ + " providing information about the current state; *scope* is a" \ + " pychrysalide.analysis.scan.ScanScope offering a view on the" \ + " current namespace for variables.\n" \ + "\n" \ + "The result has to be a pychrysalide.analysis.scan.RegisteredItem" \ + " instance on success, or *None* in case of failure." \ +) + + result = false; + + gstate = PyGILState_Ensure(); + + pyobj = pygobject_new(G_OBJECT(item)); + + if (has_python_method(pyobj, "_resolve")) + { + args = PyTuple_New(3); + PyTuple_SetItem(args, 0, PyUnicode_FromString(target)); + PyTuple_SetItem(args, 1, pygobject_new(G_OBJECT(ctx))); + PyTuple_SetItem(args, 2, pygobject_new(G_OBJECT(scope))); + + pyret = run_python_method(pyobj, "_resolve", args); + + if (pyret != NULL) + { + gobj_ret = pygobject_get(pyret); + + if (G_IS_SCAN_REGISTERED_ITEM(gobj_ret)) + { + *out = G_SCAN_REGISTERED_ITEM(gobj_ret); + + g_object_ref(G_OBJECT(*out)); + result = true; + + } + + Py_DECREF(pyret); + + } + + Py_DECREF(args); + + } + + Py_DECREF(pyobj); + + PyGILState_Release(gstate); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la réduction opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool py_scan_registered_item_reduce_wrapper(GScanRegisteredItem *item, GScanContext *ctx, GScanScope *scope, GScanExpression **out) +{ + bool result; /* Bilan à retourner */ + PyGILState_STATE gstate; /* Sauvegarde d'environnement */ + PyObject *pyobj; /* Objet Python concerné */ + PyObject *args; /* Arguments pour l'appel */ + PyObject *pyret; /* Bilan de consultation */ + GObject *gobj_ret; /* Bilan natif de consultation */ + +#define SCAN_REGISTERED_ITEM_REDUCE_WRAPPER PYTHON_WRAPPER_DEF \ +( \ + _cmp_rich, "$self, ctx, scope, /", \ + METH_VARARGS, \ + "Abstract method used to replace the item by an equivalent reduced" \ + " value.\n" \ + "\n" \ + "The *ctx* argument is a pychrysalide.analysis.scan.ScanContext" \ + " instance providing information about the current state; *scope*" \ + " is a pychrysalide.analysis.scan.ScanScope offering a view on the" \ + " current namespace for variables.\n" \ + "\n" \ + "The result has to be a pychrysalide.analysis.scan.ScanExpression" \ + " instance on success, or *None* in case of failure." \ +) + + result = false; + + gstate = PyGILState_Ensure(); + + pyobj = pygobject_new(G_OBJECT(item)); + + if (has_python_method(pyobj, "_reduce")) + { + args = PyTuple_New(2); + PyTuple_SetItem(args, 0, pygobject_new(G_OBJECT(ctx))); + PyTuple_SetItem(args, 1, pygobject_new(G_OBJECT(scope))); + + pyret = run_python_method(pyobj, "_reduce", args); + + if (pyret != NULL) + { + gobj_ret = pygobject_get(pyret); + + if (G_IS_SCAN_EXPRESSION(gobj_ret)) + { + *out = G_SCAN_EXPRESSION(gobj_ret); + + g_object_ref(G_OBJECT(*out)); + result = true; + + } + + Py_DECREF(pyret); + + } + + Py_DECREF(args); + + } + + Py_DECREF(pyobj); + + PyGILState_Release(gstate); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* args = liste d'éventuels arguments fournis. * +* count = taille de cette liste. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT] * +* * +* Description : Effectue un appel à une fonction enregistrée. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool py_scan_registered_item_run_call_wrapper(GScanRegisteredItem *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) +{ + bool result; /* Bilan à retourner */ + PyGILState_STATE gstate; /* Sauvegarde d'environnement */ + PyObject *pyobj; /* Objet Python concerné */ + PyObject *sub_args; /* Sous-arguments pour l'appel */ + size_t i; /* Boucle de parcours */ + PyObject *py_args; /* Arguments pour l'appel */ + PyObject *pyret; /* Bilan de consultation */ + GObject *gobj_ret; /* Bilan natif de consultation */ + +#define SCAN_REGISTERED_ITEM_CALL_WRAPPER PYTHON_WRAPPER_DEF \ +( \ + _cmp_rich, "$self, args, ctx, scope, /", \ + METH_VARARGS, \ + "Abstract method used to replace the item and its arguments by an" \ + " equivalent reduced value.\n" \ + "\n" \ + "The *args* argument is a tuple of already reduced" \ + " pychrysalide.analysis.scan.ScanExpression objects; ctx* argument" \ + " is a pychrysalide.analysis.scan.ScanContext instance providing" \ + " information about the current state; *scope* is a" \ + " pychrysalide.analysis.scan.ScanScope offering a view on the" \ + " current namespace for variables.\n" \ + "\n" \ + "The result has to be a pychrysalide.analysis.scan.ScanExpression" \ + " instance on success, or *None* in case of failure." \ +) + + result = false; + + gstate = PyGILState_Ensure(); + + pyobj = pygobject_new(G_OBJECT(item)); + + if (has_python_method(pyobj, "_call")) + { + sub_args = PyTuple_New(count); + + for (i = 0; i < count; i++) + PyTuple_SetItem(sub_args, 1, pygobject_new(G_OBJECT(args[i]))); + + py_args = PyTuple_New(3); + PyTuple_SetItem(py_args, 0, sub_args); + PyTuple_SetItem(py_args, 1, pygobject_new(G_OBJECT(ctx))); + PyTuple_SetItem(py_args, 2, pygobject_new(G_OBJECT(scope))); + + pyret = run_python_method(pyobj, "_call", py_args); + + if (pyret != NULL) + { + gobj_ret = pygobject_get(pyret); + + if (G_IS_OBJECT(gobj_ret)) + { + *out = gobj_ret; + + g_object_ref(G_OBJECT(*out)); + result = true; + + } + + Py_DECREF(pyret); + + } + + Py_DECREF(py_args); + + } + + Py_DECREF(pyobj); + + PyGILState_Release(gstate); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* CONNEXION AVEC L'API DE PYTHON */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * * Paramètres : self = élément d'appel à consulter. * * args = arguments fournis pour l'opération. * * * @@ -99,21 +494,21 @@ static int py_registered_item_init(PyObject *self, PyObject *args, PyObject *kwd * * ******************************************************************************/ -static PyObject *py_registered_item_resolve(PyObject *self, PyObject *args) +static PyObject *py_scan_registered_item_resolve(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à retourner */ const char *target; /* Désignation de la cible */ GScanContext *ctx; /* Contexte d'analyse */ GScanScope *scope; /* Portée de variables locales */ int ret; /* Bilan de lecture des args. */ - GRegisteredItem *item; /* Version native */ + GScanRegisteredItem *item; /* Version native */ bool status; /* Bilan d'exécution */ - GRegisteredItem *resolved; /* Elément trouvé */ + GScanRegisteredItem *resolved; /* Elément trouvé */ -#define REGISTERED_ITEM_RESOLVE_METHOD PYTHON_METHOD_DEF \ +#define SCAN_REGISTERED_ITEM_RESOLVE_METHOD PYTHON_METHOD_DEF \ ( \ resolve, "$self, target, /, ctx=None, scope=None", \ - METH_VARARGS, py_registered_item, \ + METH_VARARGS, py_scan_registered_item, \ "Resolve a name into a scan item." \ "\n" \ "The *target* name is the only mandatory parameter and has to point"\ @@ -137,9 +532,9 @@ static PyObject *py_registered_item_resolve(PyObject *self, PyObject *args) convert_to_scan_context, &ctx); if (!ret) return NULL; - item = G_REGISTERED_ITEM(pygobject_get(self)); + item = G_SCAN_REGISTERED_ITEM(pygobject_get(self)); - status = g_registered_item_resolve(item, target, ctx, scope, &resolved); + status = g_scan_registered_item_resolve(item, target, ctx, scope, &resolved); if (!status) { @@ -178,23 +573,23 @@ static PyObject *py_registered_item_resolve(PyObject *self, PyObject *args) * * ******************************************************************************/ -static PyObject *py_registered_item_get_name(PyObject *self, void *closure) +static PyObject *py_scan_registered_item_get_name(PyObject *self, void *closure) { PyObject *result; /* Décompte à retourner */ - GRegisteredItem *item; /* Version native */ + GScanRegisteredItem *item; /* Version native */ char *name; /* Désignation à convertir */ -#define REGISTERED_ITEM_NAME_ATTRIB PYTHON_GET_DEF_FULL \ +#define SCAN_REGISTERED_ITEM_NAME_ATTRIB PYTHON_GET_DEF_FULL \ ( \ - name, py_registered_item, \ + name, py_scan_registered_item, \ "Name linked to the registered item.\n" \ "\n" \ "The result should be a string, or *None* for the root namespace." \ ) - item = G_REGISTERED_ITEM(pygobject_get(self)); + item = G_SCAN_REGISTERED_ITEM(pygobject_get(self)); - name = g_registered_item_get_name(item); + name = g_scan_registered_item_get_name(item); if (name == NULL) { @@ -224,38 +619,42 @@ static PyObject *py_registered_item_get_name(PyObject *self, void *closure) * * ******************************************************************************/ -PyTypeObject *get_python_registered_item_type(void) +PyTypeObject *get_python_scan_registered_item_type(void) { - static PyMethodDef py_registered_item_methods[] = { - REGISTERED_ITEM_RESOLVE_METHOD, + static PyMethodDef py_scan_registered_item_methods[] = { + SCAN_REGISTERED_ITEM_RESOLVE_WRAPPER, + SCAN_REGISTERED_ITEM_REDUCE_WRAPPER, + SCAN_REGISTERED_ITEM_CALL_WRAPPER, + SCAN_REGISTERED_ITEM_RESOLVE_METHOD, { NULL } }; - static PyGetSetDef py_registered_item_getseters[] = { - REGISTERED_ITEM_NAME_ATTRIB, + static PyGetSetDef py_scan_registered_item_getseters[] = { + SCAN_REGISTERED_ITEM_NAME_ATTRIB_WRAPPER, + SCAN_REGISTERED_ITEM_NAME_ATTRIB, { NULL } }; - static PyTypeObject py_registered_item_type = { + static PyTypeObject py_scan_registered_item_type = { PyVarObject_HEAD_INIT(NULL, 0) - .tp_name = "pychrysalide.analysis.scan.RegisteredItem", + .tp_name = "pychrysalide.analysis.scan.ScanRegisteredItem", .tp_basicsize = sizeof(PyGObject), - .tp_flags = Py_TPFLAGS_DEFAULT, + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_IS_ABSTRACT | Py_TPFLAGS_BASETYPE, - .tp_doc = REGISTERED_ITEM_DOC, + .tp_doc = SCAN_REGISTERED_ITEM_DOC, - .tp_methods = py_registered_item_methods, - .tp_getset = py_registered_item_getseters, + .tp_methods = py_scan_registered_item_methods, + .tp_getset = py_scan_registered_item_getseters, - .tp_init = py_registered_item_init, - .tp_new = py_registered_item_new, + .tp_init = py_scan_registered_item_init, + .tp_new = py_scan_registered_item_new, }; - return &py_registered_item_type; + return &py_scan_registered_item_type; } @@ -264,7 +663,7 @@ PyTypeObject *get_python_registered_item_type(void) * * * Paramètres : - * * * -* Description : Prend en charge l'objet 'pychrysalide...scan.RegisteredItem'.* +* Description : Prend en charge l'objet 'pychrysalide...ScanRegisteredItem'. * * * * Retour : Bilan de l'opération. * * * @@ -272,13 +671,13 @@ PyTypeObject *get_python_registered_item_type(void) * * ******************************************************************************/ -bool ensure_python_registered_item_is_registered(void) +bool ensure_python_scan_registered_item_is_registered(void) { - PyTypeObject *type; /* Type Python 'RegisteredItem' */ + PyTypeObject *type; /* Type 'ScanRegisteredItem' */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ - type = get_python_registered_item_type(); + type = get_python_scan_registered_item_type(); if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) { @@ -286,7 +685,7 @@ bool ensure_python_registered_item_is_registered(void) dict = PyModule_GetDict(module); - if (!register_class_for_pygobject(dict, G_TYPE_REGISTERED_ITEM, type)) + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_REGISTERED_ITEM, type)) return false; } @@ -309,11 +708,11 @@ bool ensure_python_registered_item_is_registered(void) * * ******************************************************************************/ -int convert_to_registered_item(PyObject *arg, void *dst) +int convert_to_scan_registered_item(PyObject *arg, void *dst) { int result; /* Bilan à retourner */ - result = PyObject_IsInstance(arg, (PyObject *)get_python_registered_item_type()); + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_registered_item_type()); switch (result) { @@ -327,7 +726,7 @@ int convert_to_registered_item(PyObject *arg, void *dst) break; case 1: - *((GRegisteredItem **)dst) = G_REGISTERED_ITEM(pygobject_get(arg)); + *((GScanRegisteredItem **)dst) = G_SCAN_REGISTERED_ITEM(pygobject_get(arg)); break; default: diff --git a/plugins/pychrysalide/analysis/scan/item.h b/plugins/pychrysalide/analysis/scan/item.h index b3f1661..773908c 100644 --- a/plugins/pychrysalide/analysis/scan/item.h +++ b/plugins/pychrysalide/analysis/scan/item.h @@ -32,13 +32,13 @@ /* Fournit un accès à une définition de type à diffuser. */ -PyTypeObject *get_python_registered_item_type(void); +PyTypeObject *get_python_scan_registered_item_type(void); -/* Prend en charge l'objet 'pychrysalide.analysis.scan.RegisteredItem'. */ -bool ensure_python_registered_item_is_registered(void); +/* Prend en charge l'objet 'pychrysalide.analysis.scan.ScanRegisteredItem'. */ +bool ensure_python_scan_registered_item_is_registered(void); /* Tente de convertir en expression d'évaluation généraliste. */ -int convert_to_registered_item(PyObject *, void *); +int convert_to_scan_registered_item(PyObject *, void *); diff --git a/plugins/pychrysalide/analysis/scan/module.c b/plugins/pychrysalide/analysis/scan/module.c index ff19d92..9ae0e52 100644 --- a/plugins/pychrysalide/analysis/scan/module.c +++ b/plugins/pychrysalide/analysis/scan/module.c @@ -35,6 +35,7 @@ #include "options.h" #include "scanner.h" #include "space.h" +#include "exprs/module.h" #include "patterns/module.h" #include "../../helpers.h" @@ -76,6 +77,7 @@ bool add_analysis_scan_module(PyObject *super) result = (module != NULL); + if (result) result = add_analysis_scan_exprs_module(module); if (result) result = add_analysis_scan_patterns_module(module); if (!result) @@ -107,12 +109,13 @@ bool populate_analysis_scan_module(void) if (result) result = ensure_python_content_scanner_is_registered(); if (result) result = ensure_python_scan_context_is_registered(); if (result) result = ensure_python_scan_expression_is_registered(); - if (result) result = ensure_python_registered_item_is_registered(); + if (result) result = ensure_python_scan_registered_item_is_registered(); if (result) result = ensure_python_scan_options_is_registered(); if (result) result = ensure_python_scan_namespace_is_registered(); if (result) result = populate_scan_module_with_core_methods(); + if (result) result = populate_analysis_scan_exprs_module(); if (result) result = populate_analysis_scan_patterns_module(); assert(result); diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifier.c b/plugins/pychrysalide/analysis/scan/patterns/modifier.c index 4cae011..6547d91 100644 --- a/plugins/pychrysalide/analysis/scan/patterns/modifier.c +++ b/plugins/pychrysalide/analysis/scan/patterns/modifier.c @@ -91,19 +91,27 @@ static int py_scan_token_modifier_init(PyObject *self, PyObject *args, PyObject static PyObject *py_scan_token_modifier_transform(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à faire remonter */ - const char *data; /* Séquence d'octets à traiter */ + PyObject *py_src; /* Motifs Python en entrée */ + PyObject *py_arg; /* Eventuel paramètre de config*/ + sized_binary_t src; /* Entrée au format adapté */ Py_ssize_t len; /* Quantité de ces données */ int ret; /* Bilan de lecture des args. */ - sized_binary_t src; /* Entrée au format adapté */ + sized_binary_t *src_list; /* Entrées au format adapté */ + size_t scount; /* Taille de cette liste */ + bool dyn_src; /* Allocation dynamique ? */ + Py_ssize_t size; /* Taille d'une séquence */ + Py_ssize_t k; /* Boucle de parcours #1 */ + PyObject *item; /* Elément de liste de motifs */ + modifier_arg_t arg; /* Eventuelle précision */ GScanTokenModifier *modifier; /* Version native de l'instance*/ sized_binary_t *dest; /* Liste des nouvelles chaînes */ - size_t count; /* Taille de cette liste */ + size_t dcount; /* Taille de cette liste */ bool status; /* Bilan de l'opération */ - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours #2 */ #define SCAN_TOKEN_MODIFIER_TRANSFORM_METHOD PYTHON_METHOD_DEF \ ( \ - transform, "$self, data", \ + transform, "$self, data, /, arg", \ METH_VARARGS, py_scan_token_modifier, \ "Transform data from a byte pattern for an incoming scan.\n" \ "\n" \ @@ -113,21 +121,105 @@ static PyObject *py_scan_token_modifier_transform(PyObject *self, PyObject *args " *None* in case of error." \ ) - ret = PyArg_ParseTuple(args, "s#", &data, &len); + py_arg = NULL; + + ret = PyArg_ParseTuple(args, "O|O", &py_src, &py_arg); if (!ret) return NULL; - src.data = (char *)data; - src.len = len; + /* Constitution des motifs d'entrée */ + + if (PyBytes_Check(py_src)) + { + ret = PyBytes_AsStringAndSize(py_src, &src.data, &len); + if (ret == -1) return NULL; + + src.len = len; + + src_list = &src; + scount = 1; + + dyn_src = false; + + } + + else if (PySequence_Check(py_src)) + { + size = PySequence_Size(py_src); + + src_list = malloc(size * sizeof(sized_binary_t)); + scount = size; + + dyn_src = true; + + for (k = 0; k < size; k++) + { + item = PySequence_ITEM(py_src, k); + + if (PyBytes_Check(item)) + { + ret = PyBytes_AsStringAndSize(item, &src_list[k].data, &len); + if (ret == -1) return NULL; + + src_list[k].len = len; + + } + else + { + free(src_list); + + PyErr_SetString(PyExc_TypeError, "lists of items other than bytes are not supported"); + return NULL; + } + + } + + } + + else + { + PyErr_SetString(PyExc_TypeError, "only bytes and lists of bytes are expected as input for modifiers"); + return NULL; + } + + /* Récupération d'une éventuelle précision opérationnelle */ + + if (py_arg != NULL) + { + if (PyLong_Check(py_arg)) + { + arg.type = MAT_UNSIGNED_INTEGER; + arg.value.u_integer = PyLong_AsUnsignedLongLong(py_arg); + } + + else + { + if (dyn_src) + free(src_list); + + PyErr_SetString(PyExc_TypeError, "unable to handle the argument type for calling a modifier"); + return NULL; + + } + + } + + /* Création des nouveaux motifs */ modifier = G_SCAN_TOKEN_MODIFIER(pygobject_get(self)); - status = g_scan_token_modifier_transform(modifier, &src, &dest, &count); + if (py_arg == NULL) + status = g_scan_token_modifier_transform(modifier, src_list, scount, &dest, &dcount); + else + status = g_scan_token_modifier_transform_with_arg(modifier, src_list, scount, &arg, &dest, &dcount); + + if (dyn_src) + free(src_list); if (status) { - result = PyTuple_New(count); + result = PyTuple_New(dcount); - for (i = 0; i < count; i++) + for (i = 0; i < dcount; i++) { PyTuple_SetItem(result, i, PyBytes_FromStringAndSize(dest[i].data, dest[i].len)); exit_szstr(&dest[i]); @@ -226,7 +318,7 @@ PyTypeObject *get_python_scan_token_modifier_type(void) .tp_name = "pychrysalide.analysis.scan.patterns.TokenModifier", .tp_basicsize = sizeof(PyGObject), - .tp_flags = Py_TPFLAGS_DEFAULT, + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = SCAN_TOKEN_MODIFIER_DOC, diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/Makefile.am b/plugins/pychrysalide/analysis/scan/patterns/modifiers/Makefile.am index baf7ed5..ae53e45 100644 --- a/plugins/pychrysalide/analysis/scan/patterns/modifiers/Makefile.am +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/Makefile.am @@ -6,7 +6,8 @@ libpychrysaanalysisscanpatternsmodifiers_la_SOURCES = \ list.h list.c \ module.h module.c \ plain.h plain.c \ - rev.h rev.c + rev.h rev.c \ + xor.h xor.c libpychrysaanalysisscanpatternsmodifiers_la_CFLAGS = $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) $(TOOLKIT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/hex.c b/plugins/pychrysalide/analysis/scan/patterns/modifiers/hex.c index d0d1e1f..503580d 100644 --- a/plugins/pychrysalide/analysis/scan/patterns/modifiers/hex.c +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/hex.c @@ -131,7 +131,7 @@ PyTypeObject *get_python_scan_hex_modifier_type(void) * * * Paramètres : - * * * -* Description : Prend en charge l'objet 'pychrysalide....HexModifier'. * +* Description : Prend en charge l'objet 'pychrysalide....HexModifier'. * * * * Retour : Bilan de l'opération. * * * @@ -141,7 +141,7 @@ PyTypeObject *get_python_scan_hex_modifier_type(void) bool ensure_python_scan_hex_modifier_is_registered(void) { - PyTypeObject *type; /* Type Python 'HexModifier' */ + PyTypeObject *type; /* Type Python 'HexModifier' */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/module.c b/plugins/pychrysalide/analysis/scan/patterns/modifiers/module.c index 1e9bda7..ae450dc 100644 --- a/plugins/pychrysalide/analysis/scan/patterns/modifiers/module.c +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/module.c @@ -32,6 +32,7 @@ #include "list.h" #include "plain.h" #include "rev.h" +#include "xor.h" #include "../../../../helpers.h" @@ -102,6 +103,7 @@ bool populate_analysis_scan_patterns_modifiers_module(void) if (result) result = ensure_python_scan_modifier_list_is_registered(); if (result) result = ensure_python_scan_plain_modifier_is_registered(); if (result) result = ensure_python_scan_reverse_modifier_is_registered(); + if (result) result = ensure_python_scan_xor_modifier_is_registered(); assert(result); diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/rev.c b/plugins/pychrysalide/analysis/scan/patterns/modifiers/rev.c index 6ee350c..841e929 100644 --- a/plugins/pychrysalide/analysis/scan/patterns/modifiers/rev.c +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/rev.c @@ -141,7 +141,7 @@ PyTypeObject *get_python_scan_reverse_modifier_type(void) bool ensure_python_scan_reverse_modifier_is_registered(void) { - PyTypeObject *type; /* Type Python 'HexModifier' */ + PyTypeObject *type; /* Type Python ReverseModifier */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.c b/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.c new file mode 100644 index 0000000..17a32f4 --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.c @@ -0,0 +1,210 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * xor.c - équivalent Python du fichier "analysis/scan/patterns/modifiers/xor.c" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "xor.h" + + +#include <pygobject.h> + + +#include <i18n.h> +#include <analysis/scan/patterns/modifiers/xor.h> + + +#include "../modifier.h" +#include "../../../../access.h" +#include "../../../../helpers.h" + + + +CREATE_DYN_CONSTRUCTOR(scan_xor_modifier, G_TYPE_SCAN_XOR_MODIFIER); + +/* Initialise une instance sur la base du dérivé de GObject. */ +static int py_scan_xor_modifier_init(PyObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : self = objet à initialiser (théoriquement). * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Initialise une instance sur la base du dérivé de GObject. * +* * +* Retour : 0. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int py_scan_xor_modifier_init(PyObject *self, PyObject *args, PyObject *kwds) +{ + int ret; /* Bilan de lecture des args. */ + +#define SCAN_XOR_MODIFIER_DOC \ + "The *XorModifier* class transforms a byte pattern by XORing bytes.\n" \ + "\n" \ + "Instances can be created using the following constructor:\n" \ + "\n" \ + " XorModifier()" + + /* Initialisation d'un objet GLib */ + + ret = forward_pygobjet_init(self); + if (ret == -1) return -1; + + return 0; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Fournit un accès à une définition de type à diffuser. * +* * +* Retour : Définition d'objet pour Python. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyTypeObject *get_python_scan_xor_modifier_type(void) +{ + static PyMethodDef py_scan_xor_modifier_methods[] = { + { NULL } + }; + + static PyGetSetDef py_scan_xor_modifier_getseters[] = { + { NULL } + }; + + static PyTypeObject py_scan_xor_modifier_type = { + + PyVarObject_HEAD_INIT(NULL, 0) + + .tp_name = "pychrysalide.analysis.scan.patterns.modifiers.XorModifier", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = SCAN_XOR_MODIFIER_DOC, + + .tp_methods = py_scan_xor_modifier_methods, + .tp_getset = py_scan_xor_modifier_getseters, + + .tp_init = py_scan_xor_modifier_init, + .tp_new = py_scan_xor_modifier_new, + + }; + + return &py_scan_xor_modifier_type; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Prend en charge l'objet 'pychrysalide....XorModifier'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool ensure_python_scan_xor_modifier_is_registered(void) +{ + PyTypeObject *type; /* Type Python XorModifier */ + PyObject *module; /* Module à recompléter */ + PyObject *dict; /* Dictionnaire du module */ + + type = get_python_scan_xor_modifier_type(); + + if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) + { + module = get_access_to_python_module("pychrysalide.analysis.scan.patterns.modifiers"); + + dict = PyModule_GetDict(module); + + if (!ensure_python_scan_token_modifier_is_registered()) + return false; + + if (!register_class_for_pygobject(dict, G_TYPE_SCAN_XOR_MODIFIER, type)) + return false; + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : arg = argument quelconque à tenter de convertir. * +* dst = destination des valeurs récupérées en cas de succès. * +* * +* Description : Tente de convertir en transformation d'octets par inverse. * +* * +* Retour : Bilan de l'opération, voire indications supplémentaires. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int convert_to_scan_xor_modifier(PyObject *arg, void *dst) +{ + int result; /* Bilan à retourner */ + + result = PyObject_IsInstance(arg, (PyObject *)get_python_scan_xor_modifier_type()); + + switch (result) + { + case -1: + /* L'exception est déjà fixée par Python */ + result = 0; + break; + + case 0: + PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to XOR modifier"); + break; + + case 1: + *((GScanXorModifier **)dst) = G_SCAN_XOR_MODIFIER(pygobject_get(arg)); + break; + + default: + assert(false); + break; + + } + + return result; + +} diff --git a/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.h b/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.h new file mode 100644 index 0000000..7b9bb69 --- /dev/null +++ b/plugins/pychrysalide/analysis/scan/patterns/modifiers/xor.h @@ -0,0 +1,45 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * xor.h - équivalent Python du fichier "analysis/scan/patterns/modifiers/xor.h" + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H +#define _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H + + +#include <Python.h> +#include <stdbool.h> + + + +/* Fournit un accès à une définition de type à diffuser. */ +PyTypeObject *get_python_scan_xor_modifier_type(void); + +/* Prend en charge l'objet 'pychrysalide.analysis.scan.patterns.modifiers.XorModifier'. */ +bool ensure_python_scan_xor_modifier_is_registered(void); + +/* Tente de convertir en transformation d'octets par inverse. */ +int convert_to_scan_xor_modifier(PyObject *, void *); + + + +#endif /* _PLUGINS_PYCHRYSALIDE_ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H */ diff --git a/plugins/pychrysalide/analysis/scan/scanner.c b/plugins/pychrysalide/analysis/scan/scanner.c index e2d5a18..bc58c9a 100644 --- a/plugins/pychrysalide/analysis/scan/scanner.c +++ b/plugins/pychrysalide/analysis/scan/scanner.c @@ -76,6 +76,7 @@ static PyObject *py_content_scanner_get_filename(PyObject *, void *); static int py_content_scanner_init(PyObject *self, PyObject *args, PyObject *kwds) { const char *text; /* Contenu de règles à traiter */ + Py_ssize_t len; /* Taille de ce nom */ const char *filename; /* Fichier de définitions */ int ret; /* Bilan de lecture des args. */ GContentScanner *scanner; /* Création GLib à transmettre */ @@ -100,9 +101,10 @@ static int py_content_scanner_init(PyObject *self, PyObject *args, PyObject *kwd /* Récupération des paramètres */ text = NULL; + len = 0; filename = NULL; - ret = PyArg_ParseTupleAndKeywords(args, kwds, "|ss", kwlist, &text, &filename); + ret = PyArg_ParseTupleAndKeywords(args, kwds, "|s#s", kwlist, &text, &len, &filename); if (!ret) return -1; /* Initialisation d'un objet GLib */ @@ -116,7 +118,7 @@ static int py_content_scanner_init(PyObject *self, PyObject *args, PyObject *kwd if (text != NULL) { - if (!g_content_scanner_create_from_text(scanner, text)) + if (!g_content_scanner_create_from_text(scanner, text, len)) { PyErr_SetString(PyExc_ValueError, _("Unable to create content scanner.")); return -1; diff --git a/plugins/pychrysalide/analysis/scan/space.c b/plugins/pychrysalide/analysis/scan/space.c index 79e0c28..6ea87b8 100644 --- a/plugins/pychrysalide/analysis/scan/space.c +++ b/plugins/pychrysalide/analysis/scan/space.c @@ -122,7 +122,7 @@ static int py_scan_namespace_init(PyObject *self, PyObject *args, PyObject *kwds static PyObject *py_scan_namespace_register_item(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à retourner */ - GRegisteredItem *item; /* Elément d'évaluation à lier */ + GScanRegisteredItem *item; /* Elément d'évaluation à lier */ int ret; /* Bilan de lecture des args. */ GScanNamespace *space; /* Version native */ bool status; /* Bilan de l'opération */ @@ -140,7 +140,7 @@ static PyObject *py_scan_namespace_register_item(PyObject *self, PyObject *args) " *True* in case of success, *False* for a failure.\n" \ ) - ret = PyArg_ParseTuple(args, "O&", convert_to_registered_item, &item); + ret = PyArg_ParseTuple(args, "O&", convert_to_scan_registered_item, &item); if (!ret) return NULL; space = G_SCAN_NAMESPACE(pygobject_get(self)); @@ -185,7 +185,7 @@ PyTypeObject *get_python_scan_namespace_type(void) .tp_name = "pychrysalide.analysis.scan.ScanNamespace", .tp_basicsize = sizeof(PyGObject), - .tp_flags = Py_TPFLAGS_DEFAULT, + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = SCAN_NAMESPACE_DOC, diff --git a/plugins/pychrysalide/common/bits.c b/plugins/pychrysalide/common/bits.c index 9275996..a127251 100644 --- a/plugins/pychrysalide/common/bits.c +++ b/plugins/pychrysalide/common/bits.c @@ -98,6 +98,9 @@ static PyObject *py_bitfield_test_zeros_with(PyObject *, PyObject *); /* Teste l'état à 1 de bits selon un masque de bits. */ static PyObject *py_bitfield_test_ones_with(PyObject *, PyObject *); +/* Recherche un prochain bit défini dans un champ de bits. */ +static PyObject *py_bitfield_find_next_set(PyObject *, PyObject *); + /* Indique la taille d'un champ de bits donné. */ static PyObject *py_bitfield_get_size(PyObject *, void *); @@ -891,6 +894,58 @@ static PyObject *py_bitfield_test_ones_with(PyObject *self, PyObject *args) /****************************************************************************** * * +* Paramètres : self = champ de bits à consulter. * +* args = arguments fournis pour la conduite de l'opération. * +* * +* Description : Recherche un prochain bit défini dans un champ de bits. * +* * +* Retour : Position d'un bit à 1 ou taille du champ si plus aucun. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_bitfield_find_next_set(PyObject *self, PyObject *args) +{ + PyObject *result; /* Bilan à faire remonter */ + unsigned long prev; /* Indice d'un bit à écarter */ + int ret; /* Bilan de lecture des args. */ + py_bitfield_t *bf; /* Instance à manipuler */ + size_t found; /* Indice de bit trouvé */ + +#define BITFIELD_FIND_NEXT_SET_METHOD PYTHON_METHOD_DEF \ +( \ + find_next_set, "$self, /, prev=None", \ + METH_VARARGS, py_bitfield, \ + "Find the index of the next set bit in the bit field.\n"\ + "\n" \ + "If provided, the *prev* argument is the position of" \ + " a previously found bit, which gets discarded for the" \ + " current call.\n" \ + "\n" \ + "The result is a integer value: a valid index inside" \ + " the bit field, or the bit field size if no set bit" \ + " is found." \ +) + + prev = (unsigned long)-1; + + ret = PyArg_ParseTuple(args, "|k", &prev); + if (!ret) return NULL; + + bf = (py_bitfield_t *)self; + + found = find_next_set_in_bit_field(bf->native, prev == (unsigned long)-1 ? NULL : (size_t []) { prev }); + + result = PyLong_FromSize_t(found); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : self = classe représentant une instruction. * * closure = adresse non utilisée ici. * * * @@ -998,6 +1053,7 @@ PyTypeObject *get_python_bitfield_type(void) BITFIELD_TEST_ALL_METHOD, BITFIELD_TEST_ZEROS_WITH_METHOD, BITFIELD_TEST_ONES_WITH_METHOD, + BITFIELD_FIND_NEXT_SET_METHOD, { NULL } }; diff --git a/plugins/pychrysalide/core.c b/plugins/pychrysalide/core.c index 771d129..08f570f 100644 --- a/plugins/pychrysalide/core.c +++ b/plugins/pychrysalide/core.c @@ -64,8 +64,10 @@ #include "debug/module.h" #include "format/module.h" #include "glibext/module.h" -#include "gtkext/module.h" -#include "gui/module.h" +#ifdef INCLUDE_GTK_SUPPORT +# include "gtkext/module.h" +# include "gui/module.h" +#endif #include "mangling/module.h" #include "plugins/module.h" #include "plugins/plugin.h" @@ -101,7 +103,9 @@ static bool is_current_abi_suitable(void); static bool install_metaclass_for_python_gobjects(void); /* Définit la version attendue de GTK à charger dans Python. */ +#ifdef INCLUDE_GTK_SUPPORT static bool set_version_for_gtk_namespace(const char *); +#endif /* Point de sortie pour l'initialisation de Python. */ static void PyExit_pychrysalide(void); @@ -423,7 +427,7 @@ static bool install_metaclass_for_python_gobjects(void) * Remarques : - * * * ******************************************************************************/ - +#ifdef INCLUDE_GTK_SUPPORT static bool set_version_for_gtk_namespace(const char *version) { bool result; /* Bilan à retourner */ @@ -459,6 +463,7 @@ static bool set_version_for_gtk_namespace(const char *version) return result; } +#endif /****************************************************************************** @@ -584,8 +589,10 @@ PyMODINIT_FUNC PyInit_pychrysalide(void) if (!install_metaclass_for_python_gobjects()) goto exit; +#ifdef INCLUDE_GTK_SUPPORT if (!set_version_for_gtk_namespace("3.0")) goto exit; +#endif if (!load_all_core_components(true)) { @@ -800,11 +807,11 @@ static void load_python_plugins(GPluginModule *plugin) if (dir != NULL) { - closedir(dir); + closedir(dir); - edir = get_effective_directory(PLUGINS_DATA_DIR G_DIR_SEPARATOR_S "python"); - extend_python_path(edir); - free(edir); + edir = get_effective_directory(PLUGINS_DATA_DIR G_DIR_SEPARATOR_S "python"); + extend_python_path(edir); + free(edir); } @@ -821,7 +828,7 @@ static void load_python_plugins(GPluginModule *plugin) save = NULL; /* gcc... */ for (path = strtok_r(paths, ":", &save); - path != NULL; + path != NULL; path = strtok_r(NULL, ":", &save)) { dir = opendir(path); @@ -900,7 +907,7 @@ static void load_python_plugins(GPluginModule *plugin) } - closedir(dir); + closedir(dir); } @@ -944,8 +951,6 @@ G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) gstate = PyGILState_Ensure(); - PySys_SetArgv(0, (wchar_t *[]) { NULL }); - _chrysalide_module = PyImport_ImportModule("pychrysalide"); /** diff --git a/plugins/pychrysalide/plugins/plugin.c b/plugins/pychrysalide/plugins/plugin.c index 340c617..b013345 100644 --- a/plugins/pychrysalide/plugins/plugin.c +++ b/plugins/pychrysalide/plugins/plugin.c @@ -1796,8 +1796,6 @@ GPluginModule *create_python_plugin(const char *modname, const char *filename) if (class == NULL) goto no_class; if (!PyType_Check(class->ob_type)) goto no_class; - Py_INCREF(class); - instance = PyObject_CallFunction(class, NULL); if (instance == NULL) goto no_instance; diff --git a/plugins/python/scripting/core.py b/plugins/python/scripting/core.py index ff912ed..135edb4 100644 --- a/plugins/python/scripting/core.py +++ b/plugins/python/scripting/core.py @@ -1,4 +1,7 @@ +import gi +gi.require_version('Gtk', '3.0') + from gi.repository import GLib, Gtk import os diff --git a/src/Makefile.am b/src/Makefile.am index 4aed32e..9dc053e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -54,11 +54,12 @@ libchrysacore_la_LIBADD = \ # -ldl: dladdr(), dlerror() +# -lm : pow() libchrysacore_la_LDFLAGS = \ - -avoid-version -ldl \ + -avoid-version -ldl -lm \ $(TOOLKIT_LIBS) $(LIBXML_LIBS) \ $(LIBSQLITE_LIBS) $(LIBARCHIVE_LIBS) \ - $(LIBSSL_LIBS) + $(LIBSSL_LIBS) $(LIBHS_LIBS) if BUILD_CURL_SUPPORT diff --git a/src/analysis/content-int.h b/src/analysis/content-int.h index 4ef64f9..3475b3f 100644 --- a/src/analysis/content-int.h +++ b/src/analysis/content-int.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * content-int.h - définitions internes propres aux contenus binaires * - * Copyright (C) 2015-2019 Cyrille Bagard + * Copyright (C) 2015-2023 Cyrille Bagard * * This file is part of Chrysalide. * @@ -26,6 +26,7 @@ #include "content.h" +#include "storage/serialize-int.h" @@ -83,11 +84,24 @@ typedef bool (* read_uleb128_fc) (const GBinContent *, vmpa2t *, uleb128_t *); /* Lit un nombre signé encodé au format LEB128. */ typedef bool (* read_leb128_fc) (const GBinContent *, vmpa2t *, leb128_t *); +/* Charge un objet depuis une mémoire tampon. */ +typedef bool (* load_content_cb) (GBinContent *, GObjectStorage *, packed_buffer_t *); -/* Accès à un contenu binaire quelconque (interface) */ -struct _GBinContentIface +/* Sauvegarde un objet dans une mémoire tampon. */ +typedef bool (* store_content_cb) (const GBinContent *, GObjectStorage *, packed_buffer_t *); + + +/* Accès à un contenu binaire quelconque (instance) */ +struct _GBinContent { - GTypeInterface base_iface; /* A laisser en premier */ + GObject parent; /* A laisser en premier */ + +}; + +/* Accès à un contenu binaire quelconque (classe) */ +struct _GBinContentClass +{ + GObjectClass parent; /* A laisser en premier */ set_content_attributes set_attribs; /* Enregistrement d'attributs */ get_content_attributes get_attribs; /* Fourniture d'attributs */ @@ -116,11 +130,10 @@ struct _GBinContentIface read_uleb128_fc read_uleb128; /* Lecture d'un LEB non signé */ read_leb128_fc read_leb128; /* Lecture d'un LEB signé */ -}; - + load_content_cb load; /* Chargement */ + store_content_cb store; /* Enregistrement */ -/* Redéfinition */ -typedef GBinContentIface GBinContentInterface; +}; diff --git a/src/analysis/content.c b/src/analysis/content.c index 6d8075c..e12237f 100644 --- a/src/analysis/content.c +++ b/src/analysis/content.c @@ -35,20 +35,114 @@ -/* Procède à l'initialisation de l'interface de rassemblement. */ -static void g_binary_content_default_init(GBinContentInterface *); +/* -------------------------- ENSEMBLE DE DONNEES BINAIRES -------------------------- */ +/* Initialise la classe des contenus binaires à parcourir. */ +static void g_binary_content_class_init(GBinContentClass *); -/* Détermine le type d'une interface pour la lecture de binaire. */ -G_DEFINE_INTERFACE(GBinContent, g_binary_content, G_TYPE_OBJECT); +/* Initialise l'instance de contenu binaire à parcourir. */ +static void g_binary_content_init(GBinContent *); + +/* Procède à l'initialisation de l'interface de sérialisation. */ +static void g_binary_content_serializable_interface_init(GSerializableObjectIface *); + +/* Supprime toutes les références externes. */ +static void g_binary_content_dispose(GBinContent *); + +/* Procède à la libération totale de la mémoire. */ +static void g_binary_content_finalize(GBinContent *); + + + +/* -------------------- CONSERVATION ET RECHARGEMENT DES DONNEES -------------------- */ + + +/* Charge un contenu depuis une mémoire tampon. */ +static bool g_binary_content_load(GBinContent *, GObjectStorage *, packed_buffer_t *); + +/* Sauvegarde un contenu dans une mémoire tampon. */ +static bool g_binary_content_store(const GBinContent *, GObjectStorage *, packed_buffer_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* ENSEMBLE DE DONNEES BINAIRES */ +/* ---------------------------------------------------------------------------------- */ + + +/* Détermine le type d'un contenu binaire à parcourir. */ +G_DEFINE_TYPE_WITH_CODE(GBinContent, g_binary_content, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_binary_content_serializable_interface_init)); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des contenus binaires à parcourir. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_binary_content_class_init(GBinContentClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_binary_content_dispose; + object->finalize = (GObjectFinalizeFunc)g_binary_content_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance à initialiser. * +* * +* Description : Initialise l'instance de contenu binaire à parcourir. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_binary_content_init(GBinContent *content) +{ + +} /****************************************************************************** * * * Paramètres : iface = interface GLib à initialiser. * * * -* Description : Procède à l'initialisation de l'interface de rassemblement. * +* Description : Procède à l'initialisation de l'interface de sérialisation. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_binary_content_serializable_interface_init(GSerializableObjectIface *iface) +{ + iface->load = (load_serializable_object_cb)g_binary_content_load; + iface->store = (store_serializable_object_cb)g_binary_content_store; + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * * * * Retour : - * * * @@ -56,8 +150,28 @@ G_DEFINE_INTERFACE(GBinContent, g_binary_content, G_TYPE_OBJECT); * * ******************************************************************************/ -static void g_binary_content_default_init(GBinContentInterface *iface) +static void g_binary_content_dispose(GBinContent *content) { + G_OBJECT_CLASS(g_binary_content_parent_class)->dispose(G_OBJECT(content)); + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_binary_content_finalize(GBinContent *content) +{ + G_OBJECT_CLASS(g_binary_content_parent_class)->finalize(G_OBJECT(content)); } @@ -77,11 +191,11 @@ static void g_binary_content_default_init(GBinContentInterface *iface) void g_binary_content_set_attributes(GBinContent *content, GContentAttributes *attribs) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - iface->set_attribs(content, attribs); + class->set_attribs(content, attribs); } @@ -101,11 +215,11 @@ void g_binary_content_set_attributes(GBinContent *content, GContentAttributes *a GContentAttributes *g_binary_content_get_attributes(const GBinContent *content) { GContentAttributes *result; /* Instance à retourner */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->get_attribs(content); + result = class->get_attribs(content); return result; @@ -127,11 +241,11 @@ GContentAttributes *g_binary_content_get_attributes(const GBinContent *content) GBinContent *g_binary_content_get_root(GBinContent *content) { GBinContent *result; /* Contenu en place à renvoyer */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->get_root(content); + result = class->get_root(content); return result; @@ -154,11 +268,11 @@ GBinContent *g_binary_content_get_root(GBinContent *content) char *g_binary_content_describe(const GBinContent *content, bool full) { char *result; /* Description à retourner */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->describe(content, full); + result = class->describe(content, full); return result; @@ -181,7 +295,7 @@ const gchar *g_binary_content_get_checksum(GBinContent *content) { const gchar *result; /* Empreinte à retourner */ GChecksum *checksum; /* Calcul de l'empreinte */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ checksum = g_object_get_data(G_OBJECT(content), "checksum"); @@ -192,9 +306,9 @@ const gchar *g_binary_content_get_checksum(GBinContent *content) g_checksum_reset(checksum); - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - iface->compute_checksum(content, checksum); + class->compute_checksum(content, checksum); g_object_set_data_full(G_OBJECT(content), "checksum", checksum, (GDestroyNotify)g_checksum_free); @@ -221,11 +335,11 @@ const gchar *g_binary_content_get_checksum(GBinContent *content) phys_t g_binary_content_compute_size(const GBinContent *content) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - return iface->compute_size(content); + return class->compute_size(content); } @@ -245,11 +359,11 @@ phys_t g_binary_content_compute_size(const GBinContent *content) void g_binary_content_compute_start_pos(const GBinContent *content, vmpa2t *pos) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - return iface->compute_start_pos(content, pos); + return class->compute_start_pos(content, pos); } @@ -269,11 +383,11 @@ void g_binary_content_compute_start_pos(const GBinContent *content, vmpa2t *pos) void g_binary_content_compute_end_pos(const GBinContent *content, vmpa2t *pos) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - return iface->compute_end_pos(content, pos); + return class->compute_end_pos(content, pos); } @@ -294,11 +408,11 @@ void g_binary_content_compute_end_pos(const GBinContent *content, vmpa2t *pos) bool g_binary_content_seek(const GBinContent *content, vmpa2t *addr, phys_t length) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - return iface->seek(content, addr, length); + return class->seek(content, addr, length); } @@ -319,11 +433,11 @@ bool g_binary_content_seek(const GBinContent *content, vmpa2t *addr, phys_t leng const bin_t *g_binary_content_get_raw_access(const GBinContent *content, vmpa2t *addr, phys_t length) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - return iface->get_raw_access(content, addr, length); + return class->get_raw_access(content, addr, length); } @@ -346,11 +460,99 @@ const bin_t *g_binary_content_get_raw_access(const GBinContent *content, vmpa2t bool g_binary_content_read_raw(const GBinContent *content, vmpa2t *addr, phys_t length, bin_t *out) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_raw(content, addr, length, out); + result = class->read_raw(content, addr, length, out); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à venir lire. * +* addr = position de la tête de lecture complète. * +* size = quantité de bits à lire. * +* endian = ordre des bits dans la source. * +* val = lieu d'enregistrement de la lecture. [OUT] * +* * +* Description : Lit un nombre non signé sur deux octets. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_binary_content_read_bits(const GBinContent *content, ext_vmpa_t *addr, uint8_t size, SourceEndian endian, uint64_t *val) +{ + bool result; /* Bilan de lecture à renvoyer */ + vmpa2t pos; /* Tête de lecture courante */ + uint8_t data; /* Données à parcourir */ + uint8_t i; /* Boucle de parcours */ + uint8_t remaining; /* Nombre de bits disponibles */ + uint64_t bit; /* Nouveau bit à intégrer */ + + assert(addr->consumed_extra_bits < 8); + assert(size <= 64); + + if (addr->consumed_extra_bits >= 8 || size > 64) + return false; + + copy_vmpa(&pos, &addr->base); + + result = g_binary_content_read_u8(content, &pos, &data); + if (!result) goto exit; + + remaining = 8 - addr->consumed_extra_bits; + + *val = 0; + + for (i = 0; i < size; i++) + { + if (remaining == 0) + { + result = g_binary_content_read_u8(content, &pos, &data); + if (!result) goto exit; + + remaining = 8; + + } + + bit = (data >> (remaining - 1)) & 0x1; + + remaining--; + + switch (endian) + { + case SRE_LITTLE: + *val |= (bit << i); + break; + + case SRE_BIG: + *val |= (bit << (size - i - 1)); + break; + + default: + assert(false); + result = false; + break; + + } + + } + + if (result) + { + advance_vmpa(&addr->base, get_phy_addr(&pos) - get_phy_addr(&addr->base) - 1); + addr->consumed_extra_bits = 8 - remaining; + + } + + exit: return result; @@ -375,11 +577,11 @@ bool g_binary_content_read_raw(const GBinContent *content, vmpa2t *addr, phys_t bool g_binary_content_read_u4(const GBinContent *content, vmpa2t *addr, bool *low, uint8_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_u4(content, addr, low, val); + result = class->read_u4(content, addr, low, val); return result; @@ -404,11 +606,11 @@ bool g_binary_content_read_u4(const GBinContent *content, vmpa2t *addr, bool *lo bool g_binary_content_read_u8(const GBinContent *content, vmpa2t *addr, uint8_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_u8(content, addr, val); + result = class->read_u8(content, addr, val); return result; @@ -433,11 +635,11 @@ bool g_binary_content_read_u8(const GBinContent *content, vmpa2t *addr, uint8_t bool g_binary_content_read_u16(const GBinContent *content, vmpa2t *addr, SourceEndian endian, uint16_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_u16(content, addr, endian, val); + result = class->read_u16(content, addr, endian, val); return result; @@ -462,11 +664,11 @@ bool g_binary_content_read_u16(const GBinContent *content, vmpa2t *addr, SourceE bool g_binary_content_read_u32(const GBinContent *content, vmpa2t *addr, SourceEndian endian, uint32_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_u32(content, addr, endian, val); + result = class->read_u32(content, addr, endian, val); return result; @@ -491,11 +693,11 @@ bool g_binary_content_read_u32(const GBinContent *content, vmpa2t *addr, SourceE bool g_binary_content_read_u64(const GBinContent *content, vmpa2t *addr, SourceEndian endian, uint64_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_u64(content, addr, endian, val); + result = class->read_u64(content, addr, endian, val); return result; @@ -519,11 +721,11 @@ bool g_binary_content_read_u64(const GBinContent *content, vmpa2t *addr, SourceE bool g_binary_content_read_uleb128(const GBinContent *content, vmpa2t *addr, uleb128_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_uleb128(content, addr, val); + result = class->read_uleb128(content, addr, val); return result; @@ -547,11 +749,73 @@ bool g_binary_content_read_uleb128(const GBinContent *content, vmpa2t *addr, ule bool g_binary_content_read_leb128(const GBinContent *content, vmpa2t *addr, leb128_t *val) { bool result; /* Bilan à remonter */ - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ + + class = G_BIN_CONTENT_GET_CLASS(content); + + result = class->read_leb128(content, addr, val); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* CONSERVATION ET RECHARGEMENT DES DONNEES */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : content = élément GLib à constuire. * +* storage = conservateur de données à manipuler ou NULL. * +* pbuf = zone tampon à lire. * +* * +* Description : Charge un contenu depuis une mémoire tampon. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_binary_content_load(GBinContent *content, GObjectStorage *storage, packed_buffer_t *pbuf) +{ + bool result; /* Bilan à retourner */ + GBinContentClass *class; /* Classe de l'instance */ + + class = G_BIN_CONTENT_GET_CLASS(content); + + result = class->load(content, storage, pbuf); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : content = élément GLib à consulter. * +* storage = conservateur de données à manipuler ou NULL. * +* pbuf = zone tampon à remplir. * +* * +* Description : Sauvegarde un contenu dans une mémoire tampon. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_binary_content_store(const GBinContent *content, GObjectStorage *storage, packed_buffer_t *pbuf) +{ + bool result; /* Bilan à retourner */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content); + class = G_BIN_CONTENT_GET_CLASS(content); - result = iface->read_leb128(content, addr, val); + result = class->store(content, storage, pbuf); return result; diff --git a/src/analysis/content.h b/src/analysis/content.h index afb721e..ee79a9c 100644 --- a/src/analysis/content.h +++ b/src/analysis/content.h @@ -36,22 +36,22 @@ -#define G_TYPE_BIN_CONTENT (g_binary_content_get_type()) -#define G_BIN_CONTENT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_BIN_CONTENT, GBinContent)) -#define G_BIN_CONTENT_CLASS(vtable) (G_TYPE_CHECK_CLASS_CAST((vtable), G_TYPE_BIN_CONTENT, GBinContentIface)) -#define G_IS_BIN_CONTENT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_BIN_CONTENT)) -#define G_IS_BIN_CONTENT_CLASS(vtable) (G_TYPE_CHECK_CLASS_TYPE((vtable), G_TYPE_BIN_CONTENT)) -#define G_BIN_CONTENT_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), G_TYPE_BIN_CONTENT, GBinContentIface)) +#define G_TYPE_BIN_CONTENT g_binary_content_get_type() +#define G_BIN_CONTENT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_BIN_CONTENT, GBinContent)) +#define G_IS_BIN_CONTENT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_BIN_CONTENT)) +#define G_BIN_CONTENT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_BIN_CONTENT, GBinContentClass)) +#define G_IS_BIN_CONTENT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_BIN_CONTENT)) +#define G_BIN_CONTENT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_BIN_CONTENT, GBinContentClass)) -/* Accès à un contenu binaire quelconque (coquille vide) */ +/* Accès à un contenu binaire quelconque (instance) */ typedef struct _GBinContent GBinContent; -/* Accès à un contenu binaire quelconque (interface) */ -typedef struct _GBinContentIface GBinContentIface; +/* Accès à un contenu binaire quelconque (classe) */ +typedef struct _GBinContentClass GBinContentClass; -/* Détermine le type d'une interface pour la lecture de binaire. */ +/* Détermine le type d'un contenu binaire à parcourir. */ GType g_binary_content_get_type(void) G_GNUC_CONST; /* Associe un ensemble d'attributs au contenu binaire. */ @@ -87,6 +87,9 @@ const bin_t *g_binary_content_get_raw_access(const GBinContent *, vmpa2t *, phys /* Fournit une portion des données représentées. */ bool g_binary_content_read_raw(const GBinContent *, vmpa2t *, phys_t, bin_t *); +/* Lit un nombre non signé sur deux octets. */ +bool g_binary_content_read_bits(const GBinContent *, ext_vmpa_t *, uint8_t, SourceEndian, uint64_t *); + /* Lit un nombre non signé sur quatre bits. */ bool g_binary_content_read_u4(const GBinContent *, vmpa2t *, bool *, uint8_t *); diff --git a/src/analysis/contents/Makefile.am b/src/analysis/contents/Makefile.am index 1263f42..e1cf04f 100644 --- a/src/analysis/contents/Makefile.am +++ b/src/analysis/contents/Makefile.am @@ -2,10 +2,13 @@ noinst_LTLIBRARIES = libanalysiscontents.la libanalysiscontents_la_SOURCES = \ + encapsulated-int.h \ encapsulated.h encapsulated.c \ + file-int.h \ file.h file.c \ memory-int.h \ memory.h memory.c \ + restricted-int.h \ restricted.h restricted.c libanalysiscontents_la_CFLAGS = $(TOOLKIT_CFLAGS) diff --git a/src/analysis/contents/encapsulated-int.h b/src/analysis/contents/encapsulated-int.h new file mode 100644 index 0000000..5ccd318 --- /dev/null +++ b/src/analysis/contents/encapsulated-int.h @@ -0,0 +1,62 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * encapsulated-int.h - prototypes internes pour le chargement de données binaires à partir d'un contenu restreint + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_CONTENTS_ENCAPSULATED_INT_H +#define _ANALYSIS_CONTENTS_ENCAPSULATED_INT_H + + +#include "encapsulated.h" + + +#include "../content-int.h" + + + +/* Contenu de données binaires issues d'un contenu restreint (instance) */ +struct _GEncapsContent +{ + GBinContent parent; /* A laisser en premier */ + + GBinContent *base; /* Base offrant une extraction */ + char *path; /* Chemin vers le contenu ciblé*/ + GBinContent *endpoint; /* Contenu ciblé */ + + char *full_desc; /* Description de l'ensemble */ + char *desc; /* Description de l'ensemble */ + +}; + +/* Contenu de données binaires issues d'un contenu restreint (classe) */ +struct _GEncapsContentClass +{ + GBinContentClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un contenu de données brutes encapsulées. */ +bool g_encaps_content_create(GEncapsContent *, GBinContent *, const char *, GBinContent *); + + + +#endif /* _ANALYSIS_CONTENTS_ENCAPSULATED_INT_H */ diff --git a/src/analysis/contents/encapsulated.c b/src/analysis/contents/encapsulated.c index dadc0a5..e0e6ed1 100644 --- a/src/analysis/contents/encapsulated.c +++ b/src/analysis/contents/encapsulated.c @@ -28,7 +28,7 @@ #include <string.h> -#include "../content-int.h" +#include "encapsulated-int.h" #include "../db/misc/rlestr.h" #include "../storage/serialize-int.h" #include "../../common/extstr.h" @@ -38,40 +38,12 @@ /* -------------------------- ENSEMBLE DE DONNEES BINAIRES -------------------------- */ -/* Contenu de issu d'un contenu plus global (instance) */ -struct _GEncapsContent -{ - GObject parent; /* A laisser en premier */ - - GBinContent *base; /* Base offrant une extraction */ - char *path; /* Chemin vers le contenu ciblé*/ - GBinContent *endpoint; /* Contenu ciblé */ - - char *full_desc; /* Description de l'ensemble */ - char *desc; /* Description de l'ensemble */ - -}; - -/* Contenu de issu d'un contenu plus global (classe) */ -struct _GEncapsContentClass -{ - GObjectClass parent; /* A laisser en premier */ - -}; - - /* Initialise la classe des contenus de données encapsulés. */ static void g_encaps_content_class_init(GEncapsContentClass *); /* Initialise une instance de contenu de données encapsulé. */ static void g_encaps_content_init(GEncapsContent *); -/* Procède à l'initialisation de l'interface de sérialisation. */ -static void g_encaps_content_serializable_init(GSerializableObjectInterface *); - -/* Procède à l'initialisation de l'interface de lecture. */ -static void g_encaps_content_interface_init(GBinContentInterface *); - /* Supprime toutes les références externes. */ static void g_encaps_content_dispose(GEncapsContent *); @@ -80,7 +52,7 @@ static void g_encaps_content_finalize(GEncapsContent *); -/* ---------------------- INTERACTIONS AVEC UN CONTENU BINAIRE ---------------------- */ +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ /* Associe un ensemble d'attributs au contenu binaire. */ @@ -137,11 +109,6 @@ static bool g_encaps_content_read_uleb128(const GEncapsContent *, vmpa2t *, uleb /* Lit un nombre signé encodé au format LEB128. */ static bool g_encaps_content_read_leb128(const GEncapsContent *, vmpa2t *, leb128_t *); - - -/* -------------------- CONSERVATION ET RECHARGEMENT DES DONNEES -------------------- */ - - /* Charge un contenu depuis une mémoire tampon. */ static bool g_encaps_content_load(GEncapsContent *, GObjectStorage *, packed_buffer_t *); @@ -156,9 +123,7 @@ static bool g_encaps_content_store(const GEncapsContent *, GObjectStorage *, pac /* Indique le type défini par la GLib pour les contenus encapsulés. */ -G_DEFINE_TYPE_WITH_CODE(GEncapsContent, g_encaps_content, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE(G_TYPE_BIN_CONTENT, g_encaps_content_interface_init) - G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_encaps_content_serializable_init)); +G_DEFINE_TYPE(GEncapsContent, g_encaps_content, G_TYPE_BIN_CONTENT); /****************************************************************************** @@ -176,88 +141,53 @@ G_DEFINE_TYPE_WITH_CODE(GEncapsContent, g_encaps_content, G_TYPE_OBJECT, static void g_encaps_content_class_init(GEncapsContentClass *klass) { GObjectClass *object; /* Autre version de la classe */ + GBinContentClass *content; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_encaps_content_dispose; object->finalize = (GObjectFinalizeFunc)g_encaps_content_finalize; -} - - -/****************************************************************************** -* * -* Paramètres : content = instance à initialiser. * -* * -* Description : Initialise une instance de contenu de données encapsulé. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_encaps_content_init(GEncapsContent *content) -{ - content->base = NULL; - content->path = NULL; - content->endpoint = NULL; - - content->full_desc = NULL; - content->desc = NULL; + content = G_BIN_CONTENT_CLASS(klass); -} - - -/****************************************************************************** -* * -* Paramètres : iface = interface GLib à initialiser. * -* * -* Description : Procède à l'initialisation de l'interface de lecture. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ + content->set_attribs = (set_content_attributes)g_encaps_content_set_attributes; + content->get_attribs = (get_content_attributes)g_encaps_content_get_attributes; -static void g_encaps_content_interface_init(GBinContentInterface *iface) -{ - iface->set_attribs = (set_content_attributes)g_encaps_content_set_attributes; - iface->get_attribs = (get_content_attributes)g_encaps_content_get_attributes; + content->get_root = (get_content_root_fc)g_encaps_content_get_root; - iface->get_root = (get_content_root_fc)g_encaps_content_get_root; + content->describe = (describe_content_fc)g_encaps_content_describe; - iface->describe = (describe_content_fc)g_encaps_content_describe; + content->compute_checksum = (compute_checksum_fc)g_encaps_content_compute_checksum; - iface->compute_checksum = (compute_checksum_fc)g_encaps_content_compute_checksum; + content->compute_size = (compute_size_fc)g_encaps_content_compute_size; + content->compute_start_pos = (compute_start_pos_fc)g_encaps_content_compute_start_pos; + content->compute_end_pos = (compute_end_pos_fc)g_encaps_content_compute_end_pos; - iface->compute_size = (compute_size_fc)g_encaps_content_compute_size; - iface->compute_start_pos = (compute_start_pos_fc)g_encaps_content_compute_start_pos; - iface->compute_end_pos = (compute_end_pos_fc)g_encaps_content_compute_end_pos; + content->seek = (seek_fc)g_encaps_content_seek; - iface->seek = (seek_fc)g_encaps_content_seek; + content->get_raw_access = (get_raw_access_fc)g_encaps_content_get_raw_access; - iface->get_raw_access = (get_raw_access_fc)g_encaps_content_get_raw_access; + content->read_raw = (read_raw_fc)g_encaps_content_read_raw; + content->read_u4 = (read_u4_fc)g_encaps_content_read_u4; + content->read_u8 = (read_u8_fc)g_encaps_content_read_u8; + content->read_u16 = (read_u16_fc)g_encaps_content_read_u16; + content->read_u32 = (read_u32_fc)g_encaps_content_read_u32; + content->read_u64 = (read_u64_fc)g_encaps_content_read_u64; - iface->read_raw = (read_raw_fc)g_encaps_content_read_raw; - iface->read_u4 = (read_u4_fc)g_encaps_content_read_u4; - iface->read_u8 = (read_u8_fc)g_encaps_content_read_u8; - iface->read_u16 = (read_u16_fc)g_encaps_content_read_u16; - iface->read_u32 = (read_u32_fc)g_encaps_content_read_u32; - iface->read_u64 = (read_u64_fc)g_encaps_content_read_u64; + content->read_uleb128 = (read_uleb128_fc)g_encaps_content_read_uleb128; + content->read_leb128 = (read_leb128_fc)g_encaps_content_read_leb128; - iface->read_uleb128 = (read_uleb128_fc)g_encaps_content_read_uleb128; - iface->read_leb128 = (read_leb128_fc)g_encaps_content_read_leb128; + content->load = (load_content_cb)g_encaps_content_load; + content->store = (store_content_cb)g_encaps_content_store; } /****************************************************************************** * * -* Paramètres : iface = interface GLib à initialiser. * +* Paramètres : content = instance à initialiser. * * * -* Description : Procède à l'initialisation de l'interface de sérialisation. * +* Description : Initialise une instance de contenu de données encapsulé. * * * * Retour : - * * * @@ -265,10 +195,14 @@ static void g_encaps_content_interface_init(GBinContentInterface *iface) * * ******************************************************************************/ -static void g_encaps_content_serializable_init(GSerializableObjectInterface *iface) +static void g_encaps_content_init(GEncapsContent *content) { - iface->load = (load_serializable_object_cb)g_encaps_content_load; - iface->store = (store_serializable_object_cb)g_encaps_content_store; + content->base = NULL; + content->path = NULL; + content->endpoint = NULL; + + content->full_desc = NULL; + content->desc = NULL; } @@ -337,30 +271,59 @@ static void g_encaps_content_finalize(GEncapsContent *content) GBinContent *g_encaps_content_new(GBinContent *base, const char *path, GBinContent *endpoint) { - GEncapsContent *result; /* Structure à retourner */ + GBinContent *result; /* Structure à retourner */ result = g_object_new(G_TYPE_ENCAPS_CONTENT, NULL); + if (!g_encaps_content_create(G_ENCAPS_CONTENT(result), base, path, endpoint)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance à initialiser pleinement. * +* base = contenu binaire d'où réaliser une extraction. * +* path = chemin vers le contenu finalement ciblé. * +* endpoint = contenu final rendu accessible. * +* * +* Description : Met en place un contenu de données brutes encapsulées. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_encaps_content_create(GEncapsContent *content, GBinContent *base, const char *path, GBinContent *endpoint) +{ + bool result; /* Bilan à retourner */ + g_object_ref(base); g_object_ref(endpoint); - result->base = base; - result->path = strdup(path); - result->endpoint = endpoint; + content->base = base; + content->path = strdup(path); + content->endpoint = endpoint; /* Description complète */ - result->full_desc = g_binary_content_describe(result->base, true); + content->full_desc = g_binary_content_describe(content->base, true); - result->full_desc = stradd(result->full_desc, G_DIR_SEPARATOR_S); + content->full_desc = stradd(content->full_desc, G_DIR_SEPARATOR_S); - result->full_desc = stradd(result->full_desc, path); + content->full_desc = stradd(content->full_desc, path); /* Description partielle */ - result->desc = strdup(path); + content->desc = strdup(path); + + result = true; - return G_BIN_CONTENT(result); + return result; } @@ -442,7 +405,7 @@ GBinContent *g_encaps_content_get_endpoint(const GEncapsContent *content) /* ---------------------------------------------------------------------------------- */ -/* INTERACTIONS AVEC UN CONTENU BINAIRE */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ /* ---------------------------------------------------------------------------------- */ @@ -554,11 +517,11 @@ static char *g_encaps_content_describe(const GEncapsContent *content, bool full) static void g_encaps_content_compute_checksum(GEncapsContent *content, GChecksum *checksum) { - GBinContentIface *iface; /* Interface utilisée */ + GBinContentClass *class; /* Classe de l'instance */ - iface = G_BIN_CONTENT_GET_IFACE(content->endpoint); + class = G_BIN_CONTENT_GET_CLASS(content); - iface->compute_checksum(content->endpoint, checksum); + class->compute_checksum(content->endpoint, checksum); } @@ -882,12 +845,6 @@ static bool g_encaps_content_read_leb128(const GEncapsContent *content, vmpa2t * } - -/* ---------------------------------------------------------------------------------- */ -/* CONSERVATION ET RECHARGEMENT DES DONNEES */ -/* ---------------------------------------------------------------------------------- */ - - /****************************************************************************** * * * Paramètres : content = élément GLib à constuire. * diff --git a/src/analysis/contents/file-int.h b/src/analysis/contents/file-int.h new file mode 100644 index 0000000..dc61bdc --- /dev/null +++ b/src/analysis/contents/file-int.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * file-int.h - prototypes internes pour le chargement de données binaires à partir d'un fichier + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_CONTENTS_FILE_INT_H +#define _ANALYSIS_CONTENTS_FILE_INT_H + + +#include "file.h" + + +#include "memory-int.h" + + + +/* Contenu de données binaires issues d'un fichier (instance) */ +struct _GFileContent +{ + GMemoryContent parent; /* A laisser en premier */ + + char *filename; /* Fichier chargé en mémoire */ + int fd; /* Flux ouvert en lectureu */ + +}; + +/* Contenu de données binaires issues d'un fichier (classe) */ +struct _GFileContentClass +{ + GMemoryContentClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un contenu d'un fichier donné. */ +bool g_file_content_create(GFileContent *, const char *); + + + +#endif /* _ANALYSIS_CONTENTS_FILE_INT_H */ diff --git a/src/analysis/contents/file.c b/src/analysis/contents/file.c index 7497667..545d869 100644 --- a/src/analysis/contents/file.c +++ b/src/analysis/contents/file.c @@ -25,6 +25,7 @@ #include <fcntl.h> +#include <libgen.h> #include <malloc.h> #include <string.h> #include <unistd.h> @@ -32,8 +33,7 @@ #include <sys/stat.h> -#include "memory-int.h" -#include "../content-int.h" +#include "file-int.h" #include "../db/misc/rlestr.h" #include "../storage/serialize-int.h" #include "../../core/logs.h" @@ -43,33 +43,12 @@ /* -------------------------- ENSEMBLE DE DONNEES BINAIRES -------------------------- */ -/* Contenu de données binaires issues d'un fichier (instance) */ -struct _GFileContent -{ - GMemoryContent parent; /* A laisser en premier */ - - char *filename; /* Fichier chargé en mémoire */ - int fd; /* Flux ouvert en lectureu */ - -}; - -/* Contenu de données binaires issues d'un fichier (classe) */ -struct _GFileContentClass -{ - GMemoryContentClass parent; /* A laisser en premier */ - -}; - - /* Initialise la classe des contenus de données binaires. */ static void g_file_content_class_init(GFileContentClass *); /* Initialise une instance de contenu de données binaires. */ static void g_file_content_init(GFileContent *); -/* Procède à l'initialisation de l'interface de sérialisation. */ -static void g_file_content_serializable_init(GSerializableObjectInterface *); - /* Supprime toutes les références externes. */ static void g_file_content_dispose(GFileContent *); @@ -77,9 +56,13 @@ static void g_file_content_dispose(GFileContent *); static void g_file_content_finalize(GFileContent *); -/* -------------------- CONSERVATION ET RECHARGEMENT DES DONNEES -------------------- */ + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Fournit le nom associé au contenu binaire. */ +static char *g_file_content_describe(const GFileContent *, bool); + /* Charge un contenu depuis une mémoire tampon. */ static bool g_file_content_load(GFileContent *, GObjectStorage *, packed_buffer_t *); @@ -94,8 +77,7 @@ static bool g_file_content_store(const GFileContent *, GObjectStorage *, packed_ /* Indique le type défini par la GLib pour les contenus de données. */ -G_DEFINE_TYPE_WITH_CODE(GFileContent, g_file_content, G_TYPE_MEMORY_CONTENT, - G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_file_content_serializable_init)); +G_DEFINE_TYPE(GFileContent, g_file_content, G_TYPE_MEMORY_CONTENT); /****************************************************************************** @@ -113,12 +95,20 @@ G_DEFINE_TYPE_WITH_CODE(GFileContent, g_file_content, G_TYPE_MEMORY_CONTENT, static void g_file_content_class_init(GFileContentClass *klass) { GObjectClass *object; /* Autre version de la classe */ + GBinContentClass *content; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_file_content_dispose; object->finalize = (GObjectFinalizeFunc)g_file_content_finalize; + content = G_BIN_CONTENT_CLASS(klass); + + content->describe = (describe_content_fc)g_file_content_describe; + + content->load = (load_content_cb)g_file_content_load; + content->store = (store_content_cb)g_file_content_store; + } @@ -144,26 +134,6 @@ static void g_file_content_init(GFileContent *content) /****************************************************************************** * * -* Paramètres : iface = interface GLib à initialiser. * -* * -* Description : Procède à l'initialisation de l'interface de sérialisation. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_file_content_serializable_init(GSerializableObjectInterface *iface) -{ - iface->load = (load_serializable_object_cb)g_file_content_load; - iface->store = (store_serializable_object_cb)g_file_content_store; - -} - - -/****************************************************************************** -* * * Paramètres : content = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * @@ -213,6 +183,8 @@ static void g_file_content_finalize(GFileContent *content) } + + /****************************************************************************** * * * Paramètres : filename = chemin d'accès au fichier à charger. * @@ -227,13 +199,42 @@ static void g_file_content_finalize(GFileContent *content) GBinContent *g_file_content_new(const char *filename) { - GFileContent *result; /* Structure à retourner */ + GBinContent *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_FILE_CONTENT, NULL); + + if (!g_file_content_create(G_FILE_CONTENT(result), filename)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance à initialiser pleinement. * +* filename = chemin d'accès au fichier à charger. * +* * +* Description : Met en place un contenu d'un fichier donné. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_file_content_create(GFileContent *content, const char *filename) +{ + bool result; /* Bilan à retourner */ int fd; /* Descripteur du fichier */ struct stat info; /* Informations sur le fichier */ int ret; /* Bilan d'un appel */ - void *content; /* Contenu brut du fichier */ + void *data; /* Contenu brut du fichier */ GMemoryContent *base; /* Structure parente */ + result = false; + /* Récupération des données */ fd = open(filename, O_RDONLY); @@ -251,8 +252,8 @@ GBinContent *g_file_content_new(const char *filename) goto file_error; } - content = mmap(NULL, info.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (content == MAP_FAILED) + data = mmap(NULL, info.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (data == MAP_FAILED) { close(fd); LOG_ERROR_N("mmap"); @@ -261,20 +262,18 @@ GBinContent *g_file_content_new(const char *filename) /* Constitution du contenu officiel */ - result = g_object_new(G_TYPE_FILE_CONTENT, NULL); - - result->filename = strdup(filename); + content->filename = strdup(filename); - base = G_MEMORY_CONTENT(result); + base = G_MEMORY_CONTENT(content); - base->data = content; + base->data = data; base->length = info.st_size; - return G_BIN_CONTENT(result); + result = true; file_error: - return NULL; + return result; } @@ -304,12 +303,51 @@ const char *g_file_content_get_filename(const GFileContent *content) /* ---------------------------------------------------------------------------------- */ -/* CONSERVATION ET RECHARGEMENT DES DONNEES */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ /* ---------------------------------------------------------------------------------- */ /****************************************************************************** * * +* Paramètres : content = contenu binaire à consulter. * +* full = précise s'il s'agit d'une version longue ou non. * +* * +* Description : Fournit le nom associé au contenu binaire. * +* * +* Retour : Nom de fichier avec chemin absolu au besoin. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_file_content_describe(const GFileContent *content, bool full) +{ + char *result; /* Description à retourner */ + char *tmp; /* Copie modifiable */ + char *base; /* Description à recopier */ + + if (full) + result = strdup(content->filename); + + else + { + tmp = strdup(content->filename); + + base = basename(tmp); + + result = strdup(base); + + free(tmp); + + } + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : content = élément GLib à constuire. * * storage = conservateur de données à manipuler ou NULL. * * pbuf = zone tampon à lire. * diff --git a/src/analysis/contents/memory-int.h b/src/analysis/contents/memory-int.h index 749e984..d3012c7 100644 --- a/src/analysis/contents/memory-int.h +++ b/src/analysis/contents/memory-int.h @@ -28,11 +28,14 @@ #include "memory.h" +#include "../content-int.h" + + /* Contenu de données binaires résidant en mémoire (instance) */ struct _GMemoryContent { - GObject parent; /* A laisser en premier */ + GBinContent parent; /* A laisser en premier */ GContentAttributes *attribs; /* Attributs liés au contenu */ @@ -48,10 +51,14 @@ struct _GMemoryContent /* Contenu de données binaires résidant en mémoire (classe) */ struct _GMemoryContentClass { - GObjectClass parent; /* A laisser en premier */ + GBinContentClass parent; /* A laisser en premier */ }; +/* Met en place un contenu de données brutes depuis la mémoire. */ +bool g_memory_content_create(GMemoryContent *, const bin_t *, phys_t); + + #endif /* _ANALYSIS_CONTENTS_MEMORY_INT_H */ diff --git a/src/analysis/contents/memory.c b/src/analysis/contents/memory.c index f80a01a..f8ff863 100644 --- a/src/analysis/contents/memory.c +++ b/src/analysis/contents/memory.c @@ -51,12 +51,6 @@ static void g_memory_content_class_init(GMemoryContentClass *); /* Initialise une instance de contenu de données en mémoire. */ static void g_memory_content_init(GMemoryContent *); -/* Procède à l'initialisation de l'interface de lecture. */ -static void g_memory_content_interface_init(GBinContentInterface *); - -/* Procède à l'initialisation de l'interface de sérialisation. */ -static void g_memory_content_serializable_init(GSerializableObjectInterface *); - /* Supprime toutes les références externes. */ static void g_memory_content_dispose(GMemoryContent *); @@ -65,7 +59,7 @@ static void g_memory_content_finalize(GMemoryContent *); -/* ---------------------- INTERACTIONS AVEC UN CONTENU BINAIRE ---------------------- */ +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ /* Associe un ensemble d'attributs au contenu binaire. */ @@ -122,11 +116,6 @@ static bool g_memory_content_read_uleb128(const GMemoryContent *, vmpa2t *, uleb /* Lit un nombre signé encodé au format LEB128. */ static bool g_memory_content_read_leb128(const GMemoryContent *, vmpa2t *, leb128_t *); - - -/* -------------------- CONSERVATION ET RECHARGEMENT DES DONNEES -------------------- */ - - /* Charge un contenu depuis une mémoire tampon. */ static bool g_memory_content_load(GMemoryContent *, GObjectStorage *, packed_buffer_t *); @@ -141,9 +130,7 @@ static bool g_memory_content_store(const GMemoryContent *, GObjectStorage *, pac /* Indique le type défini par la GLib pour les contenus de données en mémoire. */ -G_DEFINE_TYPE_WITH_CODE(GMemoryContent, g_memory_content, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE(G_TYPE_BIN_CONTENT, g_memory_content_interface_init) - G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_memory_content_serializable_init)); +G_DEFINE_TYPE(GMemoryContent, g_memory_content, G_TYPE_BIN_CONTENT); /****************************************************************************** @@ -161,12 +148,45 @@ G_DEFINE_TYPE_WITH_CODE(GMemoryContent, g_memory_content, G_TYPE_OBJECT, static void g_memory_content_class_init(GMemoryContentClass *klass) { GObjectClass *object; /* Autre version de la classe */ + GBinContentClass *content; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_memory_content_dispose; object->finalize = (GObjectFinalizeFunc)g_memory_content_finalize; + content = G_BIN_CONTENT_CLASS(klass); + + content->set_attribs = (set_content_attributes)g_memory_content_set_attributes; + content->get_attribs = (get_content_attributes)g_memory_content_get_attributes; + + content->get_root = (get_content_root_fc)g_memory_content_get_root; + + content->describe = (describe_content_fc)g_memory_content_describe; + + content->compute_checksum = (compute_checksum_fc)g_memory_content_compute_checksum; + + content->compute_size = (compute_size_fc)g_memory_content_compute_size; + content->compute_start_pos = (compute_start_pos_fc)g_memory_content_compute_start_pos; + content->compute_end_pos = (compute_end_pos_fc)g_memory_content_compute_end_pos; + + content->seek = (seek_fc)g_memory_content_seek; + + content->get_raw_access = (get_raw_access_fc)g_memory_content_get_raw_access; + + content->read_raw = (read_raw_fc)g_memory_content_read_raw; + content->read_u4 = (read_u4_fc)g_memory_content_read_u4; + content->read_u8 = (read_u8_fc)g_memory_content_read_u8; + content->read_u16 = (read_u16_fc)g_memory_content_read_u16; + content->read_u32 = (read_u32_fc)g_memory_content_read_u32; + content->read_u64 = (read_u64_fc)g_memory_content_read_u64; + + content->read_uleb128 = (read_uleb128_fc)g_memory_content_read_uleb128; + content->read_leb128 = (read_leb128_fc)g_memory_content_read_leb128; + + content->load = (load_content_cb)g_memory_content_load; + content->store = (store_content_cb)g_memory_content_store; + } @@ -206,70 +226,6 @@ static void g_memory_content_init(GMemoryContent *content) /****************************************************************************** * * -* Paramètres : iface = interface GLib à initialiser. * -* * -* Description : Procède à l'initialisation de l'interface de lecture. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_memory_content_interface_init(GBinContentInterface *iface) -{ - iface->set_attribs = (set_content_attributes)g_memory_content_set_attributes; - iface->get_attribs = (get_content_attributes)g_memory_content_get_attributes; - - iface->get_root = (get_content_root_fc)g_memory_content_get_root; - - iface->describe = (describe_content_fc)g_memory_content_describe; - - iface->compute_checksum = (compute_checksum_fc)g_memory_content_compute_checksum; - - iface->compute_size = (compute_size_fc)g_memory_content_compute_size; - iface->compute_start_pos = (compute_start_pos_fc)g_memory_content_compute_start_pos; - iface->compute_end_pos = (compute_end_pos_fc)g_memory_content_compute_end_pos; - - iface->seek = (seek_fc)g_memory_content_seek; - - iface->get_raw_access = (get_raw_access_fc)g_memory_content_get_raw_access; - - iface->read_raw = (read_raw_fc)g_memory_content_read_raw; - iface->read_u4 = (read_u4_fc)g_memory_content_read_u4; - iface->read_u8 = (read_u8_fc)g_memory_content_read_u8; - iface->read_u16 = (read_u16_fc)g_memory_content_read_u16; - iface->read_u32 = (read_u32_fc)g_memory_content_read_u32; - iface->read_u64 = (read_u64_fc)g_memory_content_read_u64; - - iface->read_uleb128 = (read_uleb128_fc)g_memory_content_read_uleb128; - iface->read_leb128 = (read_leb128_fc)g_memory_content_read_leb128; - -} - - -/****************************************************************************** -* * -* Paramètres : iface = interface GLib à initialiser. * -* * -* Description : Procède à l'initialisation de l'interface de sérialisation. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_memory_content_serializable_init(GSerializableObjectInterface *iface) -{ - iface->load = (load_serializable_object_cb)g_memory_content_load; - iface->store = (store_serializable_object_cb)g_memory_content_store; - -} - - -/****************************************************************************** -* * * Paramètres : content = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * @@ -335,32 +291,62 @@ static void g_memory_content_finalize(GMemoryContent *content) GBinContent *g_memory_content_new(const bin_t *data, phys_t size) { - GMemoryContent *result; /* Structure à retourner */ + GBinContent *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_MEMORY_CONTENT, NULL); + + if (!g_memory_content_create(G_MEMORY_CONTENT(result), data, size)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : content = instance à initialiser pleinement. * +* data = données du contenu volatile. * +* size = quantité de ces données. * +* * +* Description : Met en place un contenu de données brutes depuis la mémoire. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_memory_content_create(GMemoryContent *content, const bin_t *data, phys_t size) +{ + bool result; /* Bilan à retourner */ bin_t *allocated; /* Zone de réception */ allocated = malloc(size); if (allocated == NULL) { LOG_ERROR_N("malloc"); - return NULL; + goto exit; } memcpy(allocated, data, size); - result = g_object_new(G_TYPE_MEMORY_CONTENT, NULL); + content->data = allocated; + content->length = size; + content->allocated = true; - result->data = allocated; - result->length = size; - result->allocated = true; + result = true; - return G_BIN_CONTENT(result); + exit: + + return result; } /* ---------------------------------------------------------------------------------- */ -/* INTERACTIONS AVEC UN CONTENU BINAIRE */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ /* ---------------------------------------------------------------------------------- */ @@ -710,15 +696,12 @@ static bool g_memory_content_read_u8(const GMemoryContent *content, vmpa2t *addr { bool result; /* Bilan de lecture à renvoyer */ phys_t pos; /* Tête de lecture courante */ - phys_t length; /* Taille de la surface dispo. */ pos = get_phy_addr(addr); if (pos == VMPA_NO_PHYSICAL) return false; - length = length; - result = read_u8(val, content->data, &pos, content->length); if (result) @@ -902,12 +885,6 @@ static bool g_memory_content_read_leb128(const GMemoryContent *content, vmpa2t * } - -/* ---------------------------------------------------------------------------------- */ -/* CONSERVATION ET RECHARGEMENT DES DONNEES */ -/* ---------------------------------------------------------------------------------- */ - - /****************************************************************************** * * * Paramètres : content = élément GLib à constuire. * diff --git a/src/analysis/contents/restricted-int.h b/src/analysis/contents/restricted-int.h new file mode 100644 index 0000000..ab86359 --- /dev/null +++ b/src/analysis/contents/restricted-int.h @@ -0,0 +1,59 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * restricted-int.h - prototypes internes pour le chargement de données binaires à partir d'un contenu restreint + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_CONTENTS_RESTRICTED_INT_H +#define _ANALYSIS_CONTENTS_RESTRICTED_INT_H + + +#include "restricted.h" + + +#include "../content-int.h" + + + +/* Contenu de données binaires issues d'un contenu restreint (instance) */ +struct _GRestrictedContent +{ + GBinContent parent; /* A laisser en premier */ + + GBinContent *internal; /* Contenu de sous-traitance */ + + mrange_t range; /* Restriction de couverture */ + +}; + +/* Contenu de données binaires issues d'un contenu restreint (classe) */ +struct _GRestrictedContentClass +{ + GBinContentClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un contenu restreint de données brutes. */ +bool g_restricted_content_create(GRestrictedContent *, GBinContent *, const mrange_t *); + + + +#endif /* _ANALYSIS_CONTENTS_RESTRICTED_INT_H */ diff --git a/src/analysis/contents/restricted.c b/src/analysis/contents/restricted.c index 55bc83f..9b4e1c8 100644 --- a/src/analysis/contents/restricted.c +++ b/src/analysis/contents/restricted.c @@ -28,7 +28,7 @@ #include <string.h> -#include "../content-int.h" +#include "restricted-int.h" #include "../db/misc/rlestr.h" #include "../storage/serialize-int.h" #include "../../common/extstr.h" @@ -39,37 +39,12 @@ /* -------------------------- ENSEMBLE DE DONNEES BINAIRES -------------------------- */ -/* Contenu de données binaires issues d'un contenu restreint (instance) */ -struct _GRestrictedContent -{ - GObject parent; /* A laisser en premier */ - - GBinContent *internal; /* Contenu de sous-traitance */ - - mrange_t range; /* Restriction de couverture */ - -}; - -/* Contenu de données binaires issues d'un contenu restreint (classe) */ -struct _GRestrictedContentClass -{ - GObjectClass parent; /* A laisser en premier */ - -}; - - /* Initialise la classe des contenus de données binaires. */ static void g_restricted_content_class_init(GRestrictedContentClass *); /* Initialise une instance de contenu de données binaires. */ static void g_restricted_content_init(GRestrictedContent *); -/* Procède à l'initialisation de l'interface de lecture. */ -static void g_restricted_content_interface_init(GBinContentInterface *); - -/* Procède à l'initialisation de l'interface de sérialisation. */ -static void g_restricted_content_serializable_init(GSerializableObjectInterface *); - /* Supprime toutes les références externes. */ static void g_restricted_content_dispose(GRestrictedContent *); @@ -78,7 +53,7 @@ static void g_restricted_content_finalize(GRestrictedContent *); -/* ---------------------- INTERACTIONS AVEC UN CONTENU BINAIRE ---------------------- */ +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ /* Associe un ensemble d'attributs au contenu binaire. */ @@ -135,11 +110,6 @@ static bool g_restricted_content_read_uleb128(const GRestrictedContent *, vmpa2t /* Lit un nombre signé encodé au format LEB128. */ static bool g_restricted_content_read_leb128(const GRestrictedContent *, vmpa2t *, leb128_t *); - - -/* -------------------- CONSERVATION ET RECHARGEMENT DES DONNEES -------------------- */ - - /* Charge un contenu depuis une mémoire tampon. */ static bool g_restricted_content_load(GRestrictedContent *, GObjectStorage *, packed_buffer_t *); @@ -154,9 +124,7 @@ static bool g_restricted_content_store(const GRestrictedContent *, GObjectStorag /* Indique le type défini par la GLib pour les contenus de données. */ -G_DEFINE_TYPE_WITH_CODE(GRestrictedContent, g_restricted_content, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE(G_TYPE_BIN_CONTENT, g_restricted_content_interface_init) - G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_restricted_content_serializable_init)); +G_DEFINE_TYPE(GRestrictedContent, g_restricted_content, G_TYPE_BIN_CONTENT); /****************************************************************************** @@ -174,88 +142,53 @@ G_DEFINE_TYPE_WITH_CODE(GRestrictedContent, g_restricted_content, G_TYPE_OBJECT, static void g_restricted_content_class_init(GRestrictedContentClass *klass) { GObjectClass *object; /* Autre version de la classe */ + GBinContentClass *content; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_restricted_content_dispose; object->finalize = (GObjectFinalizeFunc)g_restricted_content_finalize; -} + content = G_BIN_CONTENT_CLASS(klass); + content->set_attribs = (set_content_attributes)g_restricted_content_set_attributes; + content->get_attribs = (get_content_attributes)g_restricted_content_get_attributes; -/****************************************************************************** -* * -* Paramètres : content = instance à initialiser. * -* * -* Description : Initialise une instance de contenu de données binaires. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ + content->get_root = (get_content_root_fc)g_restricted_content_get_root; -static void g_restricted_content_init(GRestrictedContent *content) -{ - vmpa2t dummy; /* Localisation nulle */ + content->describe = (describe_content_fc)g_restricted_content_describe; - content->internal = NULL; + content->compute_checksum = (compute_checksum_fc)g_restricted_content_compute_checksum; - init_vmpa(&dummy, VMPA_NO_PHYSICAL, VMPA_NO_VIRTUAL); - init_mrange(&content->range, &dummy, 0); + content->compute_size = (compute_size_fc)g_restricted_content_compute_size; + content->compute_start_pos = (compute_start_pos_fc)g_restricted_content_compute_start_pos; + content->compute_end_pos = (compute_end_pos_fc)g_restricted_content_compute_end_pos; -} + content->seek = (seek_fc)g_restricted_content_seek; + content->get_raw_access = (get_raw_access_fc)g_restricted_content_get_raw_access; -/****************************************************************************** -* * -* Paramètres : iface = interface GLib à initialiser. * -* * -* Description : Procède à l'initialisation de l'interface de lecture. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_restricted_content_interface_init(GBinContentInterface *iface) -{ - iface->set_attribs = (set_content_attributes)g_restricted_content_set_attributes; - iface->get_attribs = (get_content_attributes)g_restricted_content_get_attributes; - - iface->get_root = (get_content_root_fc)g_restricted_content_get_root; + content->read_raw = (read_raw_fc)g_restricted_content_read_raw; + content->read_u4 = (read_u4_fc)g_restricted_content_read_u4; + content->read_u8 = (read_u8_fc)g_restricted_content_read_u8; + content->read_u16 = (read_u16_fc)g_restricted_content_read_u16; + content->read_u32 = (read_u32_fc)g_restricted_content_read_u32; + content->read_u64 = (read_u64_fc)g_restricted_content_read_u64; - iface->describe = (describe_content_fc)g_restricted_content_describe; + content->read_uleb128 = (read_uleb128_fc)g_restricted_content_read_uleb128; + content->read_leb128 = (read_leb128_fc)g_restricted_content_read_leb128; - iface->compute_checksum = (compute_checksum_fc)g_restricted_content_compute_checksum; - - iface->compute_size = (compute_size_fc)g_restricted_content_compute_size; - iface->compute_start_pos = (compute_start_pos_fc)g_restricted_content_compute_start_pos; - iface->compute_end_pos = (compute_end_pos_fc)g_restricted_content_compute_end_pos; - - iface->seek = (seek_fc)g_restricted_content_seek; - - iface->get_raw_access = (get_raw_access_fc)g_restricted_content_get_raw_access; - - iface->read_raw = (read_raw_fc)g_restricted_content_read_raw; - iface->read_u4 = (read_u4_fc)g_restricted_content_read_u4; - iface->read_u8 = (read_u8_fc)g_restricted_content_read_u8; - iface->read_u16 = (read_u16_fc)g_restricted_content_read_u16; - iface->read_u32 = (read_u32_fc)g_restricted_content_read_u32; - iface->read_u64 = (read_u64_fc)g_restricted_content_read_u64; - - iface->read_uleb128 = (read_uleb128_fc)g_restricted_content_read_uleb128; - iface->read_leb128 = (read_leb128_fc)g_restricted_content_read_leb128; + content->load = (load_content_cb)g_restricted_content_load; + content->store = (store_content_cb)g_restricted_content_store; } /****************************************************************************** * * -* Paramètres : iface = interface GLib à initialiser. * +* Paramètres : content = instance à initialiser. * * * -* Description : Procède à l'initialisation de l'interface de sérialisation. * +* Description : Initialise une instance de contenu de données binaires. * * * * Retour : - * * * @@ -263,10 +196,14 @@ static void g_restricted_content_interface_init(GBinContentInterface *iface) * * ******************************************************************************/ -static void g_restricted_content_serializable_init(GSerializableObjectInterface *iface) +static void g_restricted_content_init(GRestrictedContent *content) { - iface->load = (load_serializable_object_cb)g_restricted_content_load; - iface->store = (store_serializable_object_cb)g_restricted_content_store; + vmpa2t dummy; /* Localisation nulle */ + + content->internal = NULL; + + init_vmpa(&dummy, VMPA_NO_PHYSICAL, VMPA_NO_VIRTUAL); + init_mrange(&content->range, &dummy, 0); } @@ -313,8 +250,8 @@ static void g_restricted_content_finalize(GRestrictedContent *content) /****************************************************************************** * * -* Paramètres : content = contenu binaire où puiser les données à fournir. * -* range = espace de restrictions pour les accès. * +* Paramètres : internal = contenu binaire où puiser les données à fournir. * +* range = espace de restrictions pour les accès. * * * * Description : Charge en mémoire le contenu d'un contenu restreint. * * * @@ -324,47 +261,47 @@ static void g_restricted_content_finalize(GRestrictedContent *content) * * ******************************************************************************/ -GBinContent *g_restricted_content_new(GBinContent *content, const mrange_t *range) +GBinContent *g_restricted_content_new(GBinContent *internal, const mrange_t *range) { - GRestrictedContent *result; /* Structure à retourner */ + GBinContent *result; /* Structure à retourner */ result = g_object_new(G_TYPE_RESTRICTED_CONTENT, NULL); - result->internal = content; - g_object_ref(G_OBJECT(result->internal)); + if (!g_restricted_content_create(G_RESTRICTED_CONTENT(result), internal, range)) + g_clear_object(&result); - copy_mrange(&result->range, range); - - return G_BIN_CONTENT(result); + return result; } /****************************************************************************** * * -* Paramètres : content = contenu binaire où puiser les données à fournir. * -* range = espace de restrictions pour les accès. * +* Paramètres : content = instance à initialiser pleinement. * +* base = contenu binaire d'où réaliser une extraction. * +* path = chemin vers le contenu finalement ciblé. * +* endpoint = contenu final rendu accessible. * * * -* Description : Charge en mémoire le contenu d'un contenu restreint. * +* Description : Met en place un contenu restreint de données brutes. * * * -* Retour : Représentation de contenu à manipuler ou NULL en cas d'échec.* +* Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ -GBinContent *g_restricted_content_new_ro(const GBinContent *content, const mrange_t *range) +bool g_restricted_content_create(GRestrictedContent *content, GBinContent *internal, const mrange_t *range) { - GRestrictedContent *result; /* Structure à retourner */ + bool result; /* Bilan à retourner */ - result = g_object_new(G_TYPE_RESTRICTED_CONTENT, NULL); + content->internal = internal; + g_object_ref(G_OBJECT(content->internal)); - result->internal = (GBinContent *)content; - g_object_ref(G_OBJECT(result->internal)); + copy_mrange(&content->range, range); - copy_mrange(&result->range, range); + result = true; - return G_BIN_CONTENT(result); + return result; } @@ -1027,12 +964,6 @@ static bool g_restricted_content_read_leb128(const GRestrictedContent *content, } - -/* ---------------------------------------------------------------------------------- */ -/* CONSERVATION ET RECHARGEMENT DES DONNEES */ -/* ---------------------------------------------------------------------------------- */ - - /****************************************************************************** * * * Paramètres : content = élément GLib à constuire. * diff --git a/src/analysis/contents/restricted.h b/src/analysis/contents/restricted.h index 402282a..1cea390 100644 --- a/src/analysis/contents/restricted.h +++ b/src/analysis/contents/restricted.h @@ -53,9 +53,6 @@ GType g_restricted_content_get_type(void); /* Charge en mémoire le contenu d'un contenu restreint. */ GBinContent *g_restricted_content_new(GBinContent *, const mrange_t *); -/* Charge en mémoire le contenu d'un contenu restreint. */ -GBinContent *g_restricted_content_new_ro(const GBinContent *, const mrange_t *); - /* Indique l'espace de restriction appliqué à un contenu. */ void g_restricted_content_get_range(const GRestrictedContent *, mrange_t *); diff --git a/src/analysis/scan/Makefile.am b/src/analysis/scan/Makefile.am index d24f4a8..f7e85ad 100644 --- a/src/analysis/scan/Makefile.am +++ b/src/analysis/scan/Makefile.am @@ -8,7 +8,7 @@ BUILT_SOURCES = grammar.h AM_YFLAGS = -v -d -p rost_ -Wno-yacc -Wcounterexamples -AM_LFLAGS = -P rost_ -o lex.yy.c --header-file=tokens.h \ +AM_LFLAGS = -b -Cf -P rost_ -o lex.yy.c --header-file=tokens.h \ -Dyyget_lineno=rost_get_lineno \ -Dyy_scan_bytes=rost__scan_bytes \ -Dyy_delete_buffer=rost__delete_buffer @@ -26,8 +26,8 @@ libanalysisscan_la_SOURCES = \ expr.h expr.c \ item-int.h \ item.h item.c \ - match-int.h \ - match.h match.c \ + matches-int.h \ + matches.h matches.c \ options-int.h \ options.h options.c \ pattern-int.h \ diff --git a/src/analysis/scan/context-int.h b/src/analysis/scan/context-int.h index 654ecca..6135201 100644 --- a/src/analysis/scan/context-int.h +++ b/src/analysis/scan/context-int.h @@ -30,30 +30,23 @@ #include "expr.h" #include "../../common/fnv1a.h" +#include "../../glibext/umemslice.h" +//#define __USE_TABLE_FOR_MATCHES -#define ALLOCATION_STEP 10 -/* Mémorisation des correspondances partielles */ -typedef struct _atom_match_tracker_t -{ - phys_t *matches; /* Correspondances à confirmer */ - size_t allocated; /* Taille du talbeau préparé */ - size_t used; /* Nombre d'éléments présents */ - -} atom_match_tracker_t; +#ifndef __USE_TABLE_FOR_MATCHES -/* Mémorisation des correspondances complètes, par motif */ -typedef struct _full_match_tracker_t +/* Lien entre un motif et ses correspondances */ +typedef struct _matched_pattern_t { - GSearchPattern *pattern; /* Motif commun aux trouvailles*/ + const GSearchPattern *pattern; /* Motif recherché */ + GScanMatches *matches; /* Correspondances associées */ - GScanMatch **matches; /* Correspondances confirmées */ - size_t allocated; /* Taille du talbeau préparé */ - size_t used; /* Nombre d'éléments présents */ +} matched_pattern_t; -} full_match_tracker_t; +#endif /* Condition définissant une règle de correspondance */ typedef struct _rule_condition_t @@ -76,12 +69,17 @@ struct _GScanContext GBinContent *content; /* Contenu binaire traité */ bool scan_done; /* Phase d'analyse terminée ? */ - patid_t next_patid; /* Prochain indice utilisable */ - - atom_match_tracker_t *atom_trackers; /* Correspondances partielles */ + GUMemSlice *match_allocator; /* Suivi de correspondances */ + match_area_t **match_storages; /* Suivi de correspondances */ + size_t storages_count; /* Quantité de ces suivis */ - full_match_tracker_t **full_trackers; /* Correspondances confirmées */ +#ifdef __USE_TABLE_FOR_MATCHES + GHashTable *full_trackers; /* Correspondances confirmées */ +#else + matched_pattern_t *full_trackers; /* Correspondances confirmées */ + size_t full_allocated; /* Quantité d'éléments alloués */ size_t full_count; /* Quantité de correspondances */ +#endif bool global; /* Validation globale */ diff --git a/src/analysis/scan/context.c b/src/analysis/scan/context.c index 8a9b600..7929f9c 100644 --- a/src/analysis/scan/context.c +++ b/src/analysis/scan/context.c @@ -32,29 +32,12 @@ #include "context-int.h" #include "exprs/literal.h" +#include "matches/area.h" +#include "matches/bytes.h" #include "../../common/sort.h" - - -/* ------------------- ADMINISTRATION DES CORRESPONDANCES TOTALES ------------------- */ - - -/* Initialise un suivi de trouvailles pour un premier motif. */ -static full_match_tracker_t *create_full_match_tracker(GSearchPattern *); - -/* Termine le suivi de trouvailles pour un motif. */ -static void delete_full_match_tracker(full_match_tracker_t *); - -/* Etablit la comparaison entre deux structures de suivi. */ -static int compare_full_match_trackers(const full_match_tracker_t **, const full_match_tracker_t **); - -/* Note l'existence d'une nouvelle correspondance pour un motif. */ -static void add_match_to_full_match_tracker(full_match_tracker_t *, GScanMatch *); - - - /* --------------------- MEMORISATION DE PROGRESSIONS D'ANALYSE --------------------- */ @@ -70,120 +53,12 @@ static void g_scan_context_dispose(GScanContext *); /* Procède à la libération totale de la mémoire. */ static void g_scan_context_finalize(GScanContext *); +#ifndef __USE_TABLE_FOR_MATCHES +/* Compare un lien entre motif et correspondances avec un autre. */ +static int compare_matched_pattern(const matched_pattern_t *, const matched_pattern_t *); -/* ---------------------------------------------------------------------------------- */ -/* ADMINISTRATION DES CORRESPONDANCES TOTALES */ -/* ---------------------------------------------------------------------------------- */ - - -/****************************************************************************** -* * -* Paramètres : pattern = motif de recherche trouvé. * -* * -* Description : Initialise un suivi de trouvailles pour un premier motif. * -* * -* Retour : Structure de suivi mise en place. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static full_match_tracker_t *create_full_match_tracker(GSearchPattern *pattern) -{ - full_match_tracker_t *result; /* Structure à retourner */ - - result = malloc(sizeof(full_match_tracker_t)); - - result->pattern = pattern; - g_object_ref(G_OBJECT(pattern)); - - result->matches = malloc(ALLOCATION_STEP * sizeof(GScanMatch *)); - result->allocated = ALLOCATION_STEP; - result->used = 0; - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : tracker = structure de gestion à manipuler. * -* * -* Description : Termine le suivi de trouvailles pour un motif. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void delete_full_match_tracker(full_match_tracker_t *tracker) -{ - size_t i; /* Boucle de parcours */ - - g_object_unref(G_OBJECT(tracker->pattern)); - - for (i = 0; i < tracker->used; i++) - g_object_unref(G_OBJECT(tracker->matches[i])); - - free(tracker->matches); - - free(tracker); - -} - - -/****************************************************************************** -* * -* Paramètres : a = première structure de suivi à consulter. * -* b = seconde structure de suivi à consulter. * -* * -* Description : Etablit la comparaison entre deux structures de suivi. * -* * -* Retour : Bilan : -1 (a < b), 0 (a == b) ou 1 (a > b). * -* * -* Remarques : - * -* * -******************************************************************************/ - -static int compare_full_match_trackers(const full_match_tracker_t **a, const full_match_tracker_t **b) -{ - int result; /* Bilan à renvoyer */ - - result = sort_unsigned_long((unsigned long)(*a)->pattern, (unsigned long)(*b)->pattern); - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : tracker = structure de gestion à manipuler. * -* match = correspondance complète établie. * -* * -* Description : Note l'existence d'une nouvelle correspondance pour un motif.* -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void add_match_to_full_match_tracker(full_match_tracker_t *tracker, GScanMatch *match) -{ - if (tracker->used == tracker->allocated) - { - tracker->allocated += ALLOCATION_STEP; - tracker->matches = realloc(tracker->matches, tracker->allocated * sizeof(GScanMatch *)); - } - - tracker->matches[tracker->used++] = match; - g_object_ref(G_OBJECT(match)); - -} +#endif @@ -239,12 +114,17 @@ static void g_scan_context_init(GScanContext *context) context->content = NULL; context->scan_done = false; - context->next_patid = 0; - - context->atom_trackers = NULL; + context->match_allocator = g_umem_slice_new(sizeof(match_area_t)); + context->match_storages = NULL; + context->storages_count = 0; +#ifdef __USE_TABLE_FOR_MATCHES + context->full_trackers = g_hash_table_new_full(NULL, NULL, NULL/*g_object_unref*/, g_object_unref); +#else context->full_trackers = NULL; + context->full_allocated = 0; context->full_count = 0; +#endif context->global = true; @@ -268,18 +148,39 @@ static void g_scan_context_init(GScanContext *context) static void g_scan_context_dispose(GScanContext *context) { - size_t i; /* Boucle de parcours */ +#ifndef __USE_TABLE_FOR_MATCHES + matched_pattern_t *iter; /* Boucle de parcours #1 */ + matched_pattern_t *max; /* Borne de fin de parcours */ +#endif + size_t i; /* Boucle de parcours #2 */ g_clear_object(&context->options); g_clear_object(&context->content); - for (i = 0; i < context->full_count; i++) - if (context->full_trackers[i] != NULL) - { - delete_full_match_tracker(context->full_trackers[i]); - context->full_trackers[i] = NULL; - } + g_clear_object(&context->match_allocator); + + if (context->full_trackers != NULL) + { +#ifdef __USE_TABLE_FOR_MATCHES + + g_hash_table_destroy(context->full_trackers); + context->full_trackers = NULL; + +#else + + iter = context->full_trackers; + max = iter + context->full_count; + + for (; iter < max; iter++) + g_object_unref(G_OBJECT(iter->matches)); + + free(context->full_trackers); + context->full_trackers = NULL; + +#endif + + } for (i = 0; i < context->cond_count; i++) g_clear_object(&context->conditions[i].expr); @@ -304,25 +205,9 @@ static void g_scan_context_dispose(GScanContext *context) static void g_scan_context_finalize(GScanContext *context) { size_t i; /* Boucle de parcours */ - atom_match_tracker_t *atracker; /* Conservateur à manipuler #1 */ - if (context->atom_trackers != NULL) - { - for (i = 0; i < context->next_patid; i++) - { - atracker = context->atom_trackers + i; - - if (atracker->matches != NULL) - free(atracker->matches); - - } - - free(context->atom_trackers); - - } - - if (context->full_trackers != NULL) - free(context->full_trackers); + if (context->match_storages != NULL) + free(context->match_storages); if (context->conditions != NULL) { @@ -391,31 +276,9 @@ GScanOptions *g_scan_context_get_options(const GScanContext *context) /****************************************************************************** * * -* Paramètres : context = instance à consulter. * -* * -* Description : Fournit un identifiant unique pour un motif recherché. * -* * -* Retour : Identifiant nouveau à utiliser. * -* * -* Remarques : - * -* * -******************************************************************************/ - -patid_t g_scan_context_get_new_pattern_id(GScanContext *context) -{ - patid_t result; /* Identifiant à retourner */ - - result = context->next_patid++; - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : context = instance à consulter. * -* content = contenu binaire en cours d'analyse. * +* Paramètres : context = instance à consulter. * +* content = contenu binaire en cours d'analyse. * +* ids_count = nombre d'identifiants enregistrés. * * * * Description : Définit le contenu principal à analyser. * * * @@ -425,7 +288,7 @@ patid_t g_scan_context_get_new_pattern_id(GScanContext *context) * * ******************************************************************************/ -void g_scan_context_set_content(GScanContext *context, GBinContent *content) +void g_scan_context_set_content(GScanContext *context, GBinContent *content, size_t ids_count) { g_clear_object(&context->content); @@ -433,7 +296,8 @@ void g_scan_context_set_content(GScanContext *context, GBinContent *content) g_object_ref(G_OBJECT(content)); - context->atom_trackers = calloc(context->next_patid, sizeof(atom_match_tracker_t)); + context->match_storages = calloc(ids_count, sizeof(match_area_t *)); + context->storages_count = ids_count; } @@ -509,29 +373,25 @@ void g_scan_context_mark_scan_as_done(GScanContext *context) * * * Paramètres : context = instance à mettre à jour. * * id = identifiant du motif trouvé. * -* offset = localisation du motif au sein d'un contenu. * +* end = position finale d'une correspondance partielle. * * * -* Description : Enregistre une correspondance partielle dans un contenu. * +* Description : Retourne tous les correspondances partielles notées. * * * -* Retour : - * +* Retour : Liste interne des localisations conservées. * * * * Remarques : - * * * ******************************************************************************/ -void g_scan_context_register_atom_match(GScanContext *context, patid_t id, phys_t offset) +void g_scan_context_store_atom_match_end(GScanContext *context, patid_t id, phys_t end) { - atom_match_tracker_t *tracker; /* Gestionnaire concerné */ + match_area_t *new; /* Nouvel enregistrement */ - tracker = &context->atom_trackers[id]; + new = g_umem_slice_alloc(context->match_allocator); - if (tracker->used == tracker->allocated) - { - tracker->allocated += ALLOCATION_STEP; - tracker->matches = realloc(tracker->matches, tracker->allocated * sizeof(phys_t)); - } + new->end = end + 1; - tracker->matches[tracker->used++] = offset; + add_tail_match_area(new, &context->match_storages[id]); } @@ -540,7 +400,6 @@ void g_scan_context_register_atom_match(GScanContext *context, patid_t id, phys_ * * * Paramètres : context = instance à mettre à jour. * * id = identifiant du motif trouvé. * -* count = nombre de localisations renvoyées. [OUT] * * * * Description : Retourne tous les correspondances partielles notées. * * * @@ -550,27 +409,54 @@ void g_scan_context_register_atom_match(GScanContext *context, patid_t id, phys_ * * ******************************************************************************/ -const phys_t *g_scan_context_get_atom_matches(const GScanContext *context, patid_t id, size_t *count) +match_area_t *g_scan_context_get_atom_matches(const GScanContext *context, patid_t id) +{ + match_area_t *result; /* Liste constituée à renvoyer */ + + result = context->match_storages[id]; + + return result; + +} + + +#ifndef __USE_TABLE_FOR_MATCHES + +/****************************************************************************** +* * +* Paramètres : a = premier lien motif/correspondances à comparer. * +* b = second lien motif/correspondances à comparer. * +* * +* Description : Compare un lien entre motif et correspondances avec un autre.* +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int compare_matched_pattern(const matched_pattern_t *a, const matched_pattern_t *b) { - const phys_t *result; /* Liste constituée à renvoyer */ - atom_match_tracker_t *tracker; /* Gestionnaire concerné */ + int result; /* Bilan à renvoyer */ - tracker = &context->atom_trackers[id]; + assert(sizeof(unsigned long) == sizeof(void *)); - result = tracker->matches; - *count = tracker->used; + result = sort_unsigned_long((unsigned long)a->pattern, (unsigned long)b->pattern); return result; } +#endif + /****************************************************************************** * * * Paramètres : context = instance à mettre à jour. * -* match = représentation d'une plein ecorrespondance. * +* pattern = definition initiale d'un motif recherché. * +* matches = mémorisation de correspondances établies. * * * -* Description : Enregistre une correspondance complète avec un contenu. * +* Description : Enregistre toutes les correspondances établies pour un motif.* * * * Retour : - * * * @@ -578,35 +464,48 @@ const phys_t *g_scan_context_get_atom_matches(const GScanContext *context, patid * * ******************************************************************************/ -void g_scan_context_register_full_match(GScanContext *context, GScanMatch *match) +void g_scan_context_register_full_matches(GScanContext *context, GSearchPattern *pattern, GScanMatches *matches) { - GSearchPattern *pattern; /* Clef d'un suivi */ - full_match_tracker_t key; /* Modèle d'identification */ - full_match_tracker_t **found; /* Structure à actualiser */ - full_match_tracker_t *tracker; /* Nouveau suivi à intégrer */ +#ifndef NDEBUG + GSearchPattern *matches_pattern; /* Clef d'un suivi */ +#endif +#ifndef __USE_TABLE_FOR_MATCHES + matched_pattern_t new; /* Nouvel enregistrement */ +#endif - pattern = g_scan_match_get_source(match); +#ifndef NDEBUG - key.pattern = pattern; + matches_pattern = g_scan_matches_get_source(matches); - found = bsearch((full_match_tracker_t *[]) { &key }, context->full_trackers, context->full_count, - sizeof(full_match_tracker_t *), (__compar_fn_t)compare_full_match_trackers); + assert(matches_pattern == pattern); - if (found == NULL) - { - tracker = create_full_match_tracker(pattern); + g_object_unref(G_OBJECT(matches_pattern)); - context->full_trackers = qinsert(context->full_trackers, &context->full_count, - sizeof(full_match_tracker_t *), - (__compar_fn_t)compare_full_match_trackers, &tracker); +#endif - } - else - tracker = *found; +#ifdef __USE_TABLE_FOR_MATCHES + + assert(!g_hash_table_contains(context->full_trackers, pattern)); + + //g_object_ref(G_OBJECT(pattern)); /* TODO : REMME */ + g_object_ref(G_OBJECT(matches)); + + g_hash_table_insert(context->full_trackers, pattern, matches); + +#else + + new.pattern = pattern; + new.matches = matches; - add_match_to_full_match_tracker(tracker, match); + g_object_ref(G_OBJECT(matches)); - g_object_unref(G_OBJECT(pattern)); + context->full_trackers = qinsert_managed(context->full_trackers, &context->full_count, &context->full_allocated, + sizeof(matched_pattern_t), (__compar_fn_t)compare_matched_pattern, + &new); + +#endif + + g_scan_matches_attach(matches, context, pattern); } @@ -615,9 +514,8 @@ void g_scan_context_register_full_match(GScanContext *context, GScanMatch *match * * * Paramètres : context = instance à mettre à jour. * * pattern = motif dont des correspondances sont à retrouver. * -* count = quantité de correspondances enregistrées. [OUT] * * * -* Description : Fournit la liste de toutes les correspondances d'un motif. * +* Description : Fournit la liste de toutes les correspondances pour un motif.* * * * Retour : Liste courante de correspondances établies. * * * @@ -625,29 +523,90 @@ void g_scan_context_register_full_match(GScanContext *context, GScanMatch *match * * ******************************************************************************/ -const GScanMatch **g_scan_context_get_full_matches(const GScanContext *context, const GSearchPattern *pattern, size_t *count) +GScanMatches *g_scan_context_get_full_matches(const GScanContext *context, const GSearchPattern *pattern) { - GScanMatch **result; /* Correspondance à renvoyer */ - full_match_tracker_t key; /* Modèle d'identification */ - full_match_tracker_t **found; /* Structure à actualiser */ + GScanMatches *result; /* Correspondance à renvoyer */ +#ifndef __USE_TABLE_FOR_MATCHES + matched_pattern_t target; /* Lien ciblé */ + matched_pattern_t *found; /* Lien trouvé */ +#endif + +#ifdef __USE_TABLE_FOR_MATCHES + + result = g_hash_table_lookup(context->full_trackers, pattern); - key.pattern = pattern; + if (result != NULL) + g_object_ref(G_OBJECT(result)); - found = bsearch((full_match_tracker_t *[]) { &key }, context->full_trackers, context->full_count, - sizeof(full_match_tracker_t *), (__compar_fn_t)compare_full_match_trackers); +#else + + target.pattern = pattern; + + found = bsearch(&target, context->full_trackers, context->full_count, + sizeof(matched_pattern_t), (__compar_fn_t)compare_matched_pattern); if (found == NULL) - { result = NULL; - *count = 0; - } else { - result = (*found)->matches; - *count = (*found)->used; + result = found->matches; + g_object_ref(G_OBJECT(result)); } +#endif + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : context = instance à mettre à jour. * +* pattern = motif dont des correspondances sont à retrouver. * +* * +* Description : Dénombre les correspondances associées à un motif. * +* * +* Retour : Quantité de correspondances établies pour un motif entier. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_scan_context_count_full_matches(const GScanContext *context, const GSearchPattern *pattern) +{ + size_t result; /* Quantité à retourner */ +#ifdef __USE_TABLE_FOR_MATCHES + GScanMatches *matches; /* Ensemble de Correspondances */ +#else + matched_pattern_t target; /* Lien ciblé */ + matched_pattern_t *found; /* Lien trouvé */ +#endif + +#ifdef __USE_TABLE_FOR_MATCHES + + matches = g_hash_table_lookup(context->full_trackers, pattern); + + if (matches != NULL) + result = g_scan_matches_count(matches); + else + result = 0; + +#else + + target.pattern = pattern; + + found = bsearch(&target, context->full_trackers, context->full_count, + sizeof(matched_pattern_t), (__compar_fn_t)compare_matched_pattern); + + if (found == NULL) + result = 0; + else + result = g_scan_matches_count(found->matches); + +#endif + return result; } diff --git a/src/analysis/scan/context.h b/src/analysis/scan/context.h index 7fb3dd4..c3b979d 100644 --- a/src/analysis/scan/context.h +++ b/src/analysis/scan/context.h @@ -28,8 +28,10 @@ #include <glib-object.h> -#include "match.h" +#include "matches.h" #include "options.h" +#include "matches/area.h" +#include "patterns/patid.h" #include "../content.h" @@ -53,12 +55,6 @@ typedef struct _GScanContext GScanContext; typedef struct _GScanContextClass GScanContextClass; -/* Identifiant de motif intégré */ -typedef uint64_t patid_t; - -#define INVALID_PATTERN_ID 0xffffffffffffffff - - /* Indique le type défini pour un contexte de suivi d'analyse. */ GType g_scan_context_get_type(void); @@ -68,11 +64,8 @@ GScanContext *g_scan_context_new(GScanOptions *); /* Fournit l'ensemble des options à respecter pour les analyses. */ GScanOptions *g_scan_context_get_options(const GScanContext *); -/* Fournit un identifiant unique pour un motif recherché. */ -patid_t g_scan_context_get_new_pattern_id(GScanContext *); - /* Définit le contenu principal à analyser. */ -void g_scan_context_set_content(GScanContext *, GBinContent *); +void g_scan_context_set_content(GScanContext *, GBinContent *, size_t); /* Fournit une référence au contenu principal analysé. */ GBinContent *g_scan_context_get_content(const GScanContext *); @@ -83,17 +76,20 @@ bool g_scan_context_is_scan_done(const GScanContext *); /* Note que la phase d'analyse de contenu est terminée. */ void g_scan_context_mark_scan_as_done(GScanContext *); -/* Enregistre une correspondance partielle dans un contenu. */ -void g_scan_context_register_atom_match(GScanContext *, patid_t, phys_t); +/* Retourne tous les correspondances partielles notées. */ +void g_scan_context_store_atom_match_end(GScanContext *, patid_t, phys_t); /* Retourne tous les correspondances partielles notées. */ -const phys_t *g_scan_context_get_atom_matches(const GScanContext *, patid_t, size_t *); +match_area_t *g_scan_context_get_atom_matches(const GScanContext *, patid_t); + +/* Enregistre toutes les correspondances établies pour un motif. */ +void g_scan_context_register_full_matches(GScanContext *, GSearchPattern *, GScanMatches *); -/* Enregistre une correspondance complète avec un contenu. */ -void g_scan_context_register_full_match(GScanContext *, GScanMatch *); +/* Fournit la liste de toutes les correspondances pour un motif. */ +GScanMatches *g_scan_context_get_full_matches(const GScanContext *, const GSearchPattern *); -/* Fournit la liste de toutes les correspondances d'un motif. */ -const GScanMatch **g_scan_context_get_full_matches(const GScanContext *, const GSearchPattern *, size_t *); +/* Dénombre les correspondances associées à un motif. */ +size_t g_scan_context_count_full_matches(const GScanContext *, const GSearchPattern *); /* Intègre une condition de correspondance pour règle. */ bool g_scan_context_set_rule_condition(GScanContext *, const char *, GScanExpression *); diff --git a/src/analysis/scan/core.c b/src/analysis/scan/core.c index da3cf00..2b4fd92 100644 --- a/src/analysis/scan/core.c +++ b/src/analysis/scan/core.c @@ -30,6 +30,8 @@ #include "items/count.h" #include "items/datasize.h" +#include "items/maxcommon.h" +#include "items/modpath.h" #include "items/uint.h" #include "items/console/log.h" #ifdef INCLUDE_MAGIC_SUPPORT @@ -41,18 +43,23 @@ #include "items/string/lower.h" #include "items/string/to_int.h" #include "items/string/upper.h" +#include "items/string/wide.h" #include "items/time/make.h" #include "items/time/now.h" #include "patterns/modifiers/hex.h" +#include "patterns/modifiers/lower.h" #include "patterns/modifiers/plain.h" #include "patterns/modifiers/rev.h" +#include "patterns/modifiers/upper.h" +#include "patterns/modifiers/wide.h" +#include "patterns/modifiers/xor.h" /* Liste des modificateurs disponibles */ typedef struct _available_modifier_t { - char *name; /* Désignation humaine */ + sized_string_t name; /* Désignation humaine */ GScanTokenModifier *instance; /* Mécanisme correspondant */ } available_modifier_t; @@ -76,18 +83,19 @@ static size_t __modifiers_count = 0; bool register_scan_token_modifier(GScanTokenModifier *modifier) { bool result; /* Bilan à retourner */ - char *name; /* Nom donné au modificateur */ + sized_string_t name; /* Nom donné au modificateur */ GScanTokenModifier *found; /* Alternative présente */ available_modifier_t *last; /* Emplacement disponible */ - name = g_scan_token_modifier_get_name(modifier); + name.data = g_scan_token_modifier_get_name(modifier); + name.len = strlen(name.data); - found = find_scan_token_modifiers_for_name(name); + found = find_scan_token_modifiers_for_name(&name); result = (found == NULL); if (!result) - free(name); + exit_szstr(&name); else { @@ -126,17 +134,52 @@ bool load_all_known_scan_token_modifiers(void) result = true; -#define REGISTER_SCAN_MODIFIER(m) \ - ({ \ - bool __status; \ - __status = register_scan_token_modifier(m); \ - g_object_unref(G_OBJECT(m)); \ - __status; \ +#define REGISTER_SCAN_MODIFIER(m) \ + ({ \ + GScanTokenModifier *__mod; \ + bool __status; \ + __mod = m; \ + __status = register_scan_token_modifier(__mod); \ + g_object_unref(G_OBJECT(__mod)); \ + __status; \ }) if (result) result = REGISTER_SCAN_MODIFIER(g_scan_hex_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_lower_modifier_new()); if (result) result = REGISTER_SCAN_MODIFIER(g_scan_plain_modifier_new()); if (result) result = REGISTER_SCAN_MODIFIER(g_scan_reverse_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_upper_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_wide_modifier_new()); + if (result) result = REGISTER_SCAN_MODIFIER(g_scan_xor_modifier_new()); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : count = nombre de motificateurs exportés. [OUT] * +* * +* Description : Fournit la désignation de l'ensemble des modificateurs. * +* * +* Retour : Liste de modificateurs enregistrés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char **list_all_scan_token_modifiers(size_t *count) +{ + char **result; /* Liste à retourner */ + size_t i; /* Boucle de parcours */ + + result = malloc(__modifiers_count * sizeof(char *)); + + *count = __modifiers_count; + + for (i = 0; i < __modifiers_count; i++) + result[i] = strndup(__modifiers[i].name.data, __modifiers[i].name.len); return result; @@ -160,7 +203,10 @@ void unload_all_scan_token_modifiers(void) size_t i; /* Boucle de parcours */ for (i = 0; i < __modifiers_count; i++) + { + exit_szstr(&__modifiers[i].name); g_object_unref(G_OBJECT(__modifiers[i].instance)); + } if (__modifiers != NULL) free(__modifiers); @@ -180,7 +226,7 @@ void unload_all_scan_token_modifiers(void) * * ******************************************************************************/ -GScanTokenModifier *find_scan_token_modifiers_for_name(const char *name) +GScanTokenModifier *find_scan_token_modifiers_for_name(const sized_string_t *name) { GScanTokenModifier *result; /* Instance à renvoyer */ size_t i; /* Boucle de parcours */ @@ -192,7 +238,10 @@ GScanTokenModifier *find_scan_token_modifiers_for_name(const char *name) { registered = __modifiers + i; - if (strcmp(registered->name, name) == 0) + if (registered->name.len != name->len) + continue; + + if (strncmp(registered->name.data, name->data, name->len) == 0) { result = registered->instance; g_object_ref(G_OBJECT(result)); @@ -225,16 +274,20 @@ bool populate_main_scan_namespace(GScanNamespace *space) result = true; -#define REGISTER_FUNC(s, f) \ - ({ \ - bool __result; \ - __result = g_scan_namespace_register_item(s, f); \ - g_object_unref(G_OBJECT(f)); \ - __result; \ +#define REGISTER_FUNC(s, f) \ + ({ \ + GScanRegisteredItem *__item; \ + bool __result; \ + __item = f; \ + __result = g_scan_namespace_register_item(s, __item); \ + g_object_unref(G_OBJECT(__item)); \ + __result; \ }) if (result) result = REGISTER_FUNC(space, g_scan_count_function_new()); if (result) result = REGISTER_FUNC(space, g_scan_datasize_function_new()); + if (result) result = REGISTER_FUNC(space, g_scan_maxcommon_function_new()); + if (result) result = REGISTER_FUNC(space, g_scan_modpath_function_new()); if (result) result = REGISTER_FUNC(space, g_scan_uint_function_new(MDS_8_BITS_SIGNED, SRE_LITTLE)); if (result) result = REGISTER_FUNC(space, g_scan_uint_function_new(MDS_8_BITS_UNSIGNED, SRE_LITTLE)); @@ -259,7 +312,7 @@ bool populate_main_scan_namespace(GScanNamespace *space) if (result) { ns = g_scan_namespace_new("console"); - result = g_scan_namespace_register_item(space, G_REGISTERED_ITEM(ns)); + result = g_scan_namespace_register_item(space, G_SCAN_REGISTERED_ITEM(ns)); if (result) result = REGISTER_FUNC(ns, g_scan_console_log_function_new()); @@ -273,7 +326,7 @@ bool populate_main_scan_namespace(GScanNamespace *space) if (result) { ns = g_scan_namespace_new("magic"); - result = g_scan_namespace_register_item(space, G_REGISTERED_ITEM(ns)); + result = g_scan_namespace_register_item(space, G_SCAN_REGISTERED_ITEM(ns)); if (result) result = REGISTER_FUNC(ns, g_scan_magic_type_function_new()); if (result) result = REGISTER_FUNC(ns, g_scan_mime_encoding_function_new()); @@ -289,7 +342,7 @@ bool populate_main_scan_namespace(GScanNamespace *space) if (result) { ns = g_scan_namespace_new("math"); - result = g_scan_namespace_register_item(space, G_REGISTERED_ITEM(ns)); + result = g_scan_namespace_register_item(space, G_SCAN_REGISTERED_ITEM(ns)); if (result) result = REGISTER_FUNC(ns, g_scan_math_to_string_function_new()); @@ -302,11 +355,12 @@ bool populate_main_scan_namespace(GScanNamespace *space) if (result) { ns = g_scan_namespace_new("string"); - result = g_scan_namespace_register_item(space, G_REGISTERED_ITEM(ns)); + result = g_scan_namespace_register_item(space, G_SCAN_REGISTERED_ITEM(ns)); if (result) result = REGISTER_FUNC(ns, g_scan_string_lower_function_new()); if (result) result = REGISTER_FUNC(ns, g_scan_string_to_int_function_new()); if (result) result = REGISTER_FUNC(ns, g_scan_string_upper_function_new()); + if (result) result = REGISTER_FUNC(ns, g_scan_string_wide_function_new()); g_object_unref(G_OBJECT(ns)); @@ -317,7 +371,7 @@ bool populate_main_scan_namespace(GScanNamespace *space) if (result) { ns = g_scan_namespace_new("time"); - result = g_scan_namespace_register_item(space, G_REGISTERED_ITEM(ns)); + result = g_scan_namespace_register_item(space, G_SCAN_REGISTERED_ITEM(ns)); if (result) result = REGISTER_FUNC(ns, g_scan_time_make_function_new()); if (result) result = REGISTER_FUNC(ns, g_scan_time_now_function_new()); diff --git a/src/analysis/scan/core.h b/src/analysis/scan/core.h index 86a47da..a56ce16 100644 --- a/src/analysis/scan/core.h +++ b/src/analysis/scan/core.h @@ -36,11 +36,14 @@ bool register_scan_token_modifier(GScanTokenModifier *); /* Charge tous les modificateurs de base. */ bool load_all_known_scan_token_modifiers(void); +/* Fournit la désignation de l'ensemble des modificateurs. */ +char **list_all_scan_token_modifiers(size_t *); + /* Décharge tous les modificateurs inscrits. */ void unload_all_scan_token_modifiers(void); /* Fournit le modificateur correspondant à un nom. */ -GScanTokenModifier *find_scan_token_modifiers_for_name(const char *); +GScanTokenModifier *find_scan_token_modifiers_for_name(const sized_string_t *); /* Inscrit les principales fonctions dans l'espace racine. */ bool populate_main_scan_namespace(GScanNamespace *); diff --git a/src/analysis/scan/exprs/Makefile.am b/src/analysis/scan/exprs/Makefile.am index a0b2f3d..c97fa25 100644 --- a/src/analysis/scan/exprs/Makefile.am +++ b/src/analysis/scan/exprs/Makefile.am @@ -9,8 +9,8 @@ libanalysisscanexprs_la_SOURCES = \ arithmetic.h arithmetic.c \ call-int.h \ call.h call.c \ - counter-int.h \ - counter.h counter.c \ + extract-int.h \ + extract.h extract.c \ handler-int.h \ handler.h handler.c \ intersect-int.h \ diff --git a/src/analysis/scan/exprs/access-int.h b/src/analysis/scan/exprs/access-int.h index 3216493..be37241 100644 --- a/src/analysis/scan/exprs/access-int.h +++ b/src/analysis/scan/exprs/access-int.h @@ -42,8 +42,8 @@ struct _GScanNamedAccess union { - GRegisteredItem *base; /* Base de recherche */ - GRegisteredItem *resolved; /* Elément ciblé au final */ + GScanRegisteredItem *base; /* Base de recherche */ + GScanRegisteredItem *resolved; /* Elément ciblé au final */ GObject *any; /* Accès indistinct */ }; @@ -67,7 +67,7 @@ struct _GScanNamedAccessClass bool g_scan_named_access_create(GScanNamedAccess *, const sized_string_t *); /* Prépare une réduction en menant une résolution locale. */ -GRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess *, GScanContext *, GScanScope *); +GScanRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess *, GScanContext *, GScanScope *); diff --git a/src/analysis/scan/exprs/access.c b/src/analysis/scan/exprs/access.c index 0df46e6..342c2d7 100644 --- a/src/analysis/scan/exprs/access.c +++ b/src/analysis/scan/exprs/access.c @@ -281,7 +281,7 @@ static void g_scan_named_access_copy(GScanNamedAccess *dest, const GScanNamedAcc * * ******************************************************************************/ -GScanExpression *g_scan_named_access_duplicate(const GScanNamedAccess *access, GRegisteredItem *resolved) +GScanExpression *g_scan_named_access_duplicate(const GScanNamedAccess *access, GScanRegisteredItem *resolved) { GScanExpression *result; /* Instance copiée à retourner */ GType type; /* Type d'objet à copier */ @@ -315,7 +315,7 @@ GScanExpression *g_scan_named_access_duplicate(const GScanNamedAccess *access, G * * ******************************************************************************/ -void g_scan_named_access_set_base(GScanNamedAccess *access, GRegisteredItem *base) +void g_scan_named_access_set_base(GScanNamedAccess *access, GScanRegisteredItem *base) { g_clear_object(&access->base); @@ -372,10 +372,10 @@ void g_scan_named_access_attach_next(GScanNamedAccess *access, GScanNamedAccess * * ******************************************************************************/ -GRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess *expr, GScanContext *ctx, GScanScope *scope) +GScanRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess *expr, GScanContext *ctx, GScanScope *scope) { - GRegisteredItem *result; /* Etat synthétisé à retourner */ - GRegisteredItem *base; /* Base de recherche courante */ + GScanRegisteredItem *result; /* Etat synthétisé à retourner */ + GScanRegisteredItem *base; /* Base de recherche courante */ result = NULL; @@ -387,9 +387,11 @@ GRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess * g_object_ref(G_OBJECT(base)); } else - base = G_REGISTERED_ITEM(get_rost_root_namespace()); + base = G_SCAN_REGISTERED_ITEM(get_rost_root_namespace()); - g_registered_item_resolve(base, expr->target, ctx, scope, &result); + g_scan_registered_item_resolve(base, expr->target, ctx, scope, &result); + + g_object_unref(G_OBJECT(base)); } @@ -429,7 +431,7 @@ GRegisteredItem *_g_scan_named_access_prepare_reduction(const GScanNamedAccess * static ScanReductionState g_scan_named_access_reduce(const GScanNamedAccess *expr, GScanContext *ctx, GScanScope *scope, GScanExpression **out) { ScanReductionState result; /* Etat synthétisé à retourner */ - GRegisteredItem *resolved; /* Cible concrète obtenue */ + GScanRegisteredItem *resolved; /* Cible concrète obtenue */ GScanExpression *new_next; /* Nouvelle version du suivant */ const char *current_rule; /* Nom de la règle courante */ bool status; /* Bilan d'une autre règle */ @@ -448,7 +450,7 @@ static ScanReductionState g_scan_named_access_reduce(const GScanNamedAccess *exp */ if (expr->next == NULL) { - status = g_registered_item_reduce(resolved, ctx, scope, out); + status = g_scan_registered_item_reduce(resolved, ctx, scope, out); result = (status ? SRS_REDUCED : SRS_UNRESOLVABLE); diff --git a/src/analysis/scan/exprs/access.h b/src/analysis/scan/exprs/access.h index 7c007a9..bf83dd0 100644 --- a/src/analysis/scan/exprs/access.h +++ b/src/analysis/scan/exprs/access.h @@ -53,10 +53,10 @@ GType g_scan_named_access_get_type(void); GScanExpression *g_scan_named_access_new(const sized_string_t *); /* Reproduit un accès en place dans une nouvelle instance. */ -GScanExpression *g_scan_named_access_duplicate(const GScanNamedAccess *, GRegisteredItem *); +GScanExpression *g_scan_named_access_duplicate(const GScanNamedAccess *, GScanRegisteredItem *); /* Définit une base de recherche pour la cible d'accès. */ -void g_scan_named_access_set_base(GScanNamedAccess *, GRegisteredItem *); +void g_scan_named_access_set_base(GScanNamedAccess *, GScanRegisteredItem *); /* Complète la chaine d'accès à des expressions. */ void g_scan_named_access_attach_next(GScanNamedAccess *, GScanNamedAccess *); diff --git a/src/analysis/scan/exprs/call.c b/src/analysis/scan/exprs/call.c index f68159f..3997ff6 100644 --- a/src/analysis/scan/exprs/call.c +++ b/src/analysis/scan/exprs/call.c @@ -264,16 +264,16 @@ static ScanReductionState g_scan_pending_call_reduce(const GScanPendingCall *exp { ScanReductionState result; /* Etat synthétisé à retourner */ GScanNamedAccess *access; /* Autre vision de l'expression*/ - GRegisteredItem *resolved; /* Cible concrète obtenue */ + GScanRegisteredItem *resolved; /* Cible concrète obtenue */ size_t i; /* Boucle de parcours #1 */ GScanExpression *arg; /* Argument réduit à échanger */ GScanExpression *new; /* Nouvelle réduction obtenue */ ScanReductionState state; /* Etat synthétisé d'un élément*/ size_t k; /* Boucle de parcours #2 */ GScanExpression **new_args; /* Nouvelle séquence d'args. */ - GScanExpression *new_next; /* Nouvelle version du suivant */ GObject *final; /* Expression ou élément ? */ bool valid; /* Validité de l'élément */ + GScanExpression *new_next; /* Nouvelle version du suivant */ access = G_SCAN_NAMED_ACCESS(expr); @@ -326,6 +326,10 @@ static ScanReductionState g_scan_pending_call_reduce(const GScanPendingCall *exp { if (new_args != NULL) new_args[i] = new; + + else + g_object_unref(G_OBJECT(new)); + } } @@ -358,15 +362,15 @@ static ScanReductionState g_scan_pending_call_reduce(const GScanPendingCall *exp else if (result == SRS_PENDING) { if (new_args == NULL) - valid = g_registered_item_run_call(resolved, - expr->args, - expr->count, - ctx, scope, &final); + valid = g_scan_registered_item_run_call(resolved, + expr->args, + expr->count, + ctx, scope, &final); else - valid = g_registered_item_run_call(resolved, - new_args, - expr->count, - ctx, scope, &final); + valid = g_scan_registered_item_run_call(resolved, + new_args, + expr->count, + ctx, scope, &final); if (valid && final != NULL) { @@ -376,7 +380,7 @@ static ScanReductionState g_scan_pending_call_reduce(const GScanPendingCall *exp * * Ce cas de figure ne se rencontre normalement qu'en bout de chaîne. */ - if (!G_IS_REGISTERED_ITEM(final)) + if (!G_IS_SCAN_REGISTERED_ITEM(final)) { if (access->next != NULL) result = SRS_UNRESOLVABLE; @@ -395,7 +399,7 @@ static ScanReductionState g_scan_pending_call_reduce(const GScanPendingCall *exp { assert(access->next != NULL); - new_next = g_scan_named_access_duplicate(access->next, G_REGISTERED_ITEM(final)); + new_next = g_scan_named_access_duplicate(access->next, G_SCAN_REGISTERED_ITEM(final)); result = g_scan_expression_reduce(new_next, ctx, scope, out); diff --git a/src/analysis/scan/exprs/counter.h b/src/analysis/scan/exprs/counter.h deleted file mode 100644 index c90953e..0000000 --- a/src/analysis/scan/exprs/counter.h +++ /dev/null @@ -1,59 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * counter.h - prototypes pour le décompte de correspondances identifiées dans du contenu binaire - * - * Copyright (C) 2023 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Foobar. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _ANALYSIS_SCAN_EXPRS_COUNTER_H -#define _ANALYSIS_SCAN_EXPRS_COUNTER_H - - -#include <glib-object.h> - - -#include "../expr.h" -#include "../pattern.h" - - - -#define G_TYPE_SCAN_MATCH_COUNTER g_scan_match_counter_get_type() -#define G_SCAN_MATCH_COUNTER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MATCH_COUNTER, GScanMatchCounter)) -#define G_IS_SCAN_MATCH_COUNTER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MATCH_COUNTER)) -#define G_SCAN_MATCH_COUNTER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MATCH_COUNTER, GScanMatchCounterClass)) -#define G_IS_SCAN_MATCH_COUNTER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MATCH_COUNTER)) -#define G_SCAN_MATCH_COUNTER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MATCH_COUNTER, GScanMatchCounterClass)) - - -/* Décompte des identifications de motifs (instance) */ -typedef struct _GScanMatchCounter GScanMatchCounter; - -/* Décompte des identifications de motifs (classe) */ -typedef struct _GScanMatchCounterClass GScanMatchCounterClass; - - -/* Indique le type défini pour un décompte de résultats lors d'une recherche de motifs. */ -GType g_scan_match_counter_get_type(void); - -/* Met en place un décompte de correspondances obtenues. */ -GScanExpression *g_scan_match_counter_new(GSearchPattern *); - - - -#endif /* _ANALYSIS_SCAN_EXPRS_COUNTER_H */ diff --git a/src/analysis/scan/exprs/extract-int.h b/src/analysis/scan/exprs/extract-int.h new file mode 100644 index 0000000..562e537 --- /dev/null +++ b/src/analysis/scan/exprs/extract-int.h @@ -0,0 +1,57 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * extract-int.h - prototypes internes pour l'organisation d'une extraction d'un élément d'une série interne + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_EXPRS_EXTRACT_INT_H +#define _ANALYSIS_SCAN_EXPRS_EXTRACT_INT_H + + +#include "extract.h" + + +#include "access-int.h" + + + +/* Extraction d'un élément donné au sein d'une série interne (instance) */ +struct _GScanPendingExtraction +{ + GScanNamedAccess parent; /* A laisser en premier */ + + GScanExpression *index; /* Arguments d'appel fournis */ + +}; + +/* Extraction d'un élément donné au sein d'une série interne (classe) */ +struct _GScanPendingExtractionClass +{ + GScanNamedAccessClass parent; /* A laisser en premier */ + +}; + + +/* Met en place une expression d'extraction d'élément interne. */ +bool g_scan_pending_extraction_create(GScanPendingExtraction *, const sized_string_t *, GScanExpression *); + + + +#endif /* _ANALYSIS_SCAN_EXPRS_EXTRACT_INT_H */ diff --git a/src/analysis/scan/exprs/extract.c b/src/analysis/scan/exprs/extract.c new file mode 100644 index 0000000..b140ed9 --- /dev/null +++ b/src/analysis/scan/exprs/extract.c @@ -0,0 +1,396 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * extract.c - organisation d'une extraction d'un élément d'une série interne + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "extract.h" + + +#include <assert.h> +#include <string.h> + + +#include "extract-int.h" +#include "../../../core/global.h" + + + +/* --------------------- INTRODUCTION D'UNE NOUVELLE EXPRESSION --------------------- */ + + +/* Initialise la classe des extractions d'éléments internes. */ +static void g_scan_pending_extraction_class_init(GScanPendingExtractionClass *); + +/* Initialise une instance d'extraction d'élément interne. */ +static void g_scan_pending_extraction_init(GScanPendingExtraction *); + +/* Supprime toutes les références externes. */ +static void g_scan_pending_extraction_dispose(GScanPendingExtraction *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_pending_extraction_finalize(GScanPendingExtraction *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Réduit une expression à une forme plus simple. */ +static ScanReductionState g_scan_pending_extraction_reduce(const GScanPendingExtraction *, GScanContext *, GScanScope *, GScanExpression **); + +/* Reproduit un accès en place dans une nouvelle instance. */ +static void g_scan_pending_extraction_copy(GScanPendingExtraction *, const GScanPendingExtraction *); + + + +/* ---------------------------------------------------------------------------------- */ +/* INTRODUCTION D'UNE NOUVELLE EXPRESSION */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une extraction d'élément de série interne. */ +G_DEFINE_TYPE(GScanPendingExtraction, g_scan_pending_extraction, G_TYPE_SCAN_NAMED_ACCESS); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des extractions d'éléments internes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_pending_extraction_class_init(GScanPendingExtractionClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanExpressionClass *expr; /* Version de classe parente */ + GScanNamedAccessClass *access; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_pending_extraction_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_pending_extraction_finalize; + + expr = G_SCAN_EXPRESSION_CLASS(klass); + + expr->cmp_rich = (compare_expr_rich_fc)NULL; + expr->reduce = (reduce_expr_fc)g_scan_pending_extraction_reduce; + + access = G_SCAN_NAMED_ACCESS_CLASS(klass); + + access->copy = (copy_scan_access_fc)g_scan_pending_extraction_copy; + +} + + +/****************************************************************************** +* * +* Paramètres : extract = instance à initialiser. * +* * +* Description : Initialise une instance d'extraction d'élément interne. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_pending_extraction_init(GScanPendingExtraction *extract) +{ + extract->index = NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : extract = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_pending_extraction_dispose(GScanPendingExtraction *extract) +{ + g_clear_object(&extract->index); + + G_OBJECT_CLASS(g_scan_pending_extraction_parent_class)->dispose(G_OBJECT(extract)); + +} + + +/****************************************************************************** +* * +* Paramètres : extract = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_pending_extraction_finalize(GScanPendingExtraction *extract) +{ + G_OBJECT_CLASS(g_scan_pending_extraction_parent_class)->finalize(G_OBJECT(extract)); + +} + + +/****************************************************************************** +* * +* Paramètres : target = désignation de l'objet d'appel à identifier. * +* index = indice de l'élément à extraire. * +* * +* Description : Organise l'extraction d'un élément d'une série interne. * +* * +* Retour : Fonction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanExpression *g_scan_pending_extraction_new(const sized_string_t *target, GScanExpression *index) +{ + GScanExpression *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_PENDING_EXTRACTION, NULL); + + if (!g_scan_pending_extraction_create(G_SCAN_PENDING_EXTRACTION(result), target, index)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : extract = instance à initialiser pleinement. * +* target = désignation de l'objet d'appel à identifier. * +* index = indice de l'élément à extraire. * +* * +* Description : Met en place une expression d'extraction d'élément interne. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_pending_extraction_create(GScanPendingExtraction *extract, const sized_string_t *target, GScanExpression *index) +{ + bool result; /* Bilan à retourner */ + + result = g_scan_named_access_create(G_SCAN_NAMED_ACCESS(extract), target); + if (!result) goto exit; + + extract->index = index; + g_object_ref(G_OBJECT(index)); + + exit: + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : expr = expression à consulter. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la réduction opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static ScanReductionState g_scan_pending_extraction_reduce(const GScanPendingExtraction *expr, GScanContext *ctx, GScanScope *scope, GScanExpression **out) +{ + ScanReductionState result; /* Etat synthétisé à retourner */ + GScanNamedAccess *access; /* Autre vision de l'expression*/ + GScanRegisteredItem *resolved; /* Cible concrète obtenue */ + GScanExpression *new; /* Nouvelle réduction obtenue */ + GObject *final; /* Expression ou élément ? */ + GScanExpression *new_next; /* Nouvelle version du suivant */ + + access = G_SCAN_NAMED_ACCESS(expr); + + resolved = _g_scan_named_access_prepare_reduction(access, ctx, scope); + + if (resolved == NULL) + result = SRS_UNRESOLVABLE; + + else + { + /* Actualisation nécessaire des arguments ? */ + + result = g_scan_expression_reduce(expr->index, ctx, scope, &new); + + /* Suite des traitements */ + + if (result == SRS_WAIT_FOR_SCAN) + { + /** + * Si changement il y a eu... + */ + if (new != expr->index) + { + *out = g_scan_pending_extraction_new(NULL, new); + + /** + * Fonctionnement équivalent de : + * g_scan_named_access_set_base(G_SCAN_NAMED_ACCESS(*out), resolved); + */ + G_SCAN_NAMED_ACCESS(*out)->resolved = resolved; + g_object_ref(G_OBJECT(resolved)); + + if (G_SCAN_NAMED_ACCESS(expr)->next != NULL) + g_scan_named_access_attach_next(G_SCAN_NAMED_ACCESS(*out), G_SCAN_NAMED_ACCESS(expr)->next); + + } + + } + + else if (result == SRS_REDUCED) + { + final = g_scan_registered_item_extract_at(resolved, new, ctx, scope); + + if (final != NULL) + { + /** + * Si le produit de l'appel à la fonction est une expression d'évaluation + * classique, alors ce produit constitue la réduction finale de la chaîne. + * + * Ce cas de figure ne se rencontre normalement qu'en bout de chaîne. + */ + if (!G_IS_SCAN_REGISTERED_ITEM(final)) + { + if (access->next != NULL) + result = SRS_UNRESOLVABLE; + + else + { + *out = G_SCAN_EXPRESSION(final); + g_object_ref(G_OBJECT(final)); + + result = SRS_REDUCED; + + } + + } + else + { + if (access->next != NULL) + { + new_next = g_scan_named_access_duplicate(access->next, G_SCAN_REGISTERED_ITEM(final)); + + result = g_scan_expression_reduce(new_next, ctx, scope, out); + + g_object_unref(G_OBJECT(new_next)); + + } + + /** + * Le cas ci-après est typique de l'extension Kaitai : field[n] + * renvoie vers une instance GScanRegisteredItem (GKaitaiBrowser). + * + * Il n'y a donc pas d'expression en jeu, et l'élément est le dernier + * de la liste. + */ + else + { + if (g_scan_registered_item_reduce(G_SCAN_REGISTERED_ITEM(final), ctx, scope, out)) + result = SRS_REDUCED; + else + result = SRS_UNRESOLVABLE; + + } + + } + + } + + else + result = SRS_UNRESOLVABLE; + + g_clear_object(&final); + + } + + /* Libération locale des arguments reconstruits */ + + g_clear_object(&new); + + g_object_unref(G_OBJECT(resolved)); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : dest = emplacement d'enregistrement à constituer. [OUT] * +* src = expression source à copier. * +* * +* Description : Reproduit un accès en place dans une nouvelle instance. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_pending_extraction_copy(GScanPendingExtraction *dest, const GScanPendingExtraction *src) +{ + GScanNamedAccessClass *class; /* Classe parente à solliciter */ + + class = G_SCAN_NAMED_ACCESS_CLASS(g_scan_pending_extraction_parent_class); + + class->copy(G_SCAN_NAMED_ACCESS(dest), G_SCAN_NAMED_ACCESS(src)); + + dest->index = src->index; + g_object_ref(G_OBJECT(src->index)); + +} diff --git a/src/analysis/scan/exprs/extract.h b/src/analysis/scan/exprs/extract.h new file mode 100644 index 0000000..8ed1cfa --- /dev/null +++ b/src/analysis/scan/exprs/extract.h @@ -0,0 +1,56 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * extract.h - prototypes pour l'organisation d'une extraction d'un élément d'une série interne + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_EXPRS_EXTRACT_H +#define _ANALYSIS_SCAN_EXPRS_EXTRACT_H + + +#include "../expr.h" +#include "../../../common/szstr.h" + + + +#define G_TYPE_SCAN_PENDING_EXTRACTION g_scan_pending_extraction_get_type() +#define G_SCAN_PENDING_EXTRACTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_PENDING_EXTRACTION, GScanPendingExtraction)) +#define G_IS_SCAN_PENDING_EXTRACTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_PENDING_EXTRACTION)) +#define G_SCAN_PENDING_EXTRACTION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_PENDING_EXTRACTION, GScanPendingExtractionClass)) +#define G_IS_SCAN_PENDING_EXTRACTION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_PENDING_EXTRACTION)) +#define G_SCAN_PENDING_EXTRACTION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_PENDING_EXTRACTION, GScanPendingExtractionClass)) + + +/* Extraction d'un élément donné au sein d'une série interne (instance) */ +typedef struct _GScanPendingExtraction GScanPendingExtraction; + +/* Extraction d'un élément donné au sein d'une série interne (classe) */ +typedef struct _GScanPendingExtractionClass GScanPendingExtractionClass; + + +/* Indique le type défini pour une extraction d'élément de série interne. */ +GType g_scan_pending_extraction_get_type(void); + +/* Organise l'extraction d'un élément d'une série interne. */ +GScanExpression *g_scan_pending_extraction_new(const sized_string_t *, GScanExpression *); + + + +#endif /* _ANALYSIS_SCAN_EXPRS_EXTRACT_H */ diff --git a/src/analysis/scan/exprs/handler-int.h b/src/analysis/scan/exprs/handler-int.h index f707fdb..e051b30 100644 --- a/src/analysis/scan/exprs/handler-int.h +++ b/src/analysis/scan/exprs/handler-int.h @@ -37,7 +37,14 @@ struct _GScanPatternHandler { GScanExpression parent; /* A laisser en premier */ - GSearchPattern *pattern; /* Motif associé */ + union + { + const GSearchPattern **patterns; /* Motifs associés */ + GSearchPattern **ref_patterns; /* Motifs associés */ + }; + size_t count; /* Nombre de ces motifs */ + bool shared; /* Définition de propriété */ + ScanHandlerType type; /* Manipulation attendue */ }; @@ -51,7 +58,10 @@ struct _GScanPatternHandlerClass /* Met en place une manipulation de correspondances établies. */ -bool g_scan_pattern_handler_create(GScanPatternHandler *, GSearchPattern *, ScanHandlerType); +bool g_scan_pattern_handler_create_shared(GScanPatternHandler *, const GSearchPattern ** const, size_t, ScanHandlerType); + +/* Met en place une manipulation de correspondances établies. */ +bool g_scan_pattern_handler_create_and_ref(GScanPatternHandler *, GSearchPattern ** const, size_t, ScanHandlerType); diff --git a/src/analysis/scan/exprs/handler.c b/src/analysis/scan/exprs/handler.c index 1676522..2706dae 100644 --- a/src/analysis/scan/exprs/handler.c +++ b/src/analysis/scan/exprs/handler.c @@ -122,7 +122,10 @@ static void g_scan_pattern_handler_class_init(GScanPatternHandlerClass *klass) static void g_scan_pattern_handler_init(GScanPatternHandler *handler) { - handler->pattern = NULL; + handler->patterns = NULL; + handler->count = 0; + handler->shared = true; + handler->type = SHT_RAW; } @@ -142,7 +145,11 @@ static void g_scan_pattern_handler_init(GScanPatternHandler *handler) static void g_scan_pattern_handler_dispose(GScanPatternHandler *handler) { - g_clear_object(&handler->pattern); + size_t i; /* Boucle de parcours */ + + if (!handler->shared) + for (i = 0; i < handler->count; i++) + g_clear_object(&handler->ref_patterns[i]); G_OBJECT_CLASS(g_scan_pattern_handler_parent_class)->dispose(G_OBJECT(handler)); @@ -163,6 +170,9 @@ static void g_scan_pattern_handler_dispose(GScanPatternHandler *handler) static void g_scan_pattern_handler_finalize(GScanPatternHandler *handler) { + if (handler->patterns != NULL) + free(handler->patterns); + G_OBJECT_CLASS(g_scan_pattern_handler_parent_class)->finalize(G_OBJECT(handler)); } @@ -170,8 +180,9 @@ static void g_scan_pattern_handler_finalize(GScanPatternHandler *handler) /****************************************************************************** * * -* Paramètres : pattern = motif à impliquer. * -* type = type de manipulation attendue. * +* Paramètres : patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* type = type de manipulation attendue. * * * * Description : Met en place une manipulation de correspondances établies. * * * @@ -181,13 +192,13 @@ static void g_scan_pattern_handler_finalize(GScanPatternHandler *handler) * * ******************************************************************************/ -GScanExpression *g_scan_pattern_handler_new(GSearchPattern *pattern, ScanHandlerType type) +GScanExpression *g_scan_pattern_handler_new_shared(const GSearchPattern ** const patterns, size_t count, ScanHandlerType type) { GScanExpression *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_PATTERN_HANDLER, NULL); - if (!g_scan_pattern_handler_create(G_SCAN_PATTERN_HANDLER(result), pattern, type)) + if (!g_scan_pattern_handler_create_shared(G_SCAN_PATTERN_HANDLER(result), patterns, count, type)) g_clear_object(&result); return result; @@ -197,9 +208,10 @@ GScanExpression *g_scan_pattern_handler_new(GSearchPattern *pattern, ScanHandler /****************************************************************************** * * -* Paramètres : handler = instance à initialiser pleinement. * -* pattern = motif à impliquer. * -* type = type de manipulation attendue. * +* Paramètres : handler = instance à initialiser pleinement. * +* patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* type = type de manipulation attendue. * * * * Description : Met en place une manipulation de correspondances établies. * * * @@ -209,15 +221,19 @@ GScanExpression *g_scan_pattern_handler_new(GSearchPattern *pattern, ScanHandler * * ******************************************************************************/ -bool g_scan_pattern_handler_create(GScanPatternHandler *handler, GSearchPattern *pattern, ScanHandlerType type) +bool g_scan_pattern_handler_create_shared(GScanPatternHandler *handler, const GSearchPattern ** const patterns, size_t count, ScanHandlerType type) { bool result; /* Bilan à retourner */ result = g_scan_expression_create(G_SCAN_EXPRESSION(handler), SRS_WAIT_FOR_SCAN); if (!result) goto exit; - handler->pattern = pattern; - g_object_ref(G_OBJECT(pattern)); + handler->patterns = malloc(count * sizeof(GSearchPattern *)); + handler->count = count; + + memcpy(handler->patterns, patterns, count * sizeof(GSearchPattern *)); + + handler->shared = true; handler->type = type; @@ -228,6 +244,159 @@ bool g_scan_pattern_handler_create(GScanPatternHandler *handler, GSearchPattern } +/****************************************************************************** +* * +* Paramètres : patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* type = type de manipulation attendue. * +* * +* Description : Met en place une manipulation de correspondances établies. * +* * +* Retour : Expression mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanExpression *g_scan_pattern_handler_new(GSearchPattern ** const patterns, size_t count, ScanHandlerType type) +{ + GScanExpression *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_PATTERN_HANDLER, NULL); + + if (!g_scan_pattern_handler_create_and_ref(G_SCAN_PATTERN_HANDLER(result), patterns, count, type)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : handler = instance à initialiser pleinement. * +* patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* type = type de manipulation attendue. * +* * +* Description : Met en place une manipulation de correspondances établies. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_pattern_handler_create_and_ref(GScanPatternHandler *handler, GSearchPattern ** const patterns, size_t count, ScanHandlerType type) +{ + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ + + result = g_scan_expression_create(G_SCAN_EXPRESSION(handler), SRS_WAIT_FOR_SCAN); + if (!result) goto exit; + + handler->patterns = malloc(count * sizeof(GSearchPattern *)); + handler->count = count; + + memcpy(handler->patterns, patterns, count * sizeof(GSearchPattern *)); + + for (i = 0; i < count; i++) + g_object_ref(G_OBJECT(patterns[i])); + + handler->shared = false; + + handler->type = type; + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : handler = instance à initialiser pleinement. * +* * +* Description : Indique le type de manipulation de correspondances spécifié. * +* * +* Retour : Type de manipulation de correspondances représentée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *handler) +{ + ScanHandlerType result; /* Nature à retourner */ + + result = handler->type; + + return result; + +} + + +#if 0 /* FIXME */ + +/****************************************************************************** +* * +* Paramètres : handler = instance à initialiser pleinement. * +* ctx = contexte de suivi de l'analyse courante. * +* count = quantité de correspondances enregistrées. [OUT] * +* * +* Description : Fournit la liste de toutes les correspondances représentées. * +* * +* Retour : Liste courante de correspondances établies. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanMatch **g_scan_pattern_handler_get_all_matches(const GScanPatternHandler *handler, GScanContext *ctx, size_t *count) +{ + GScanMatch **result; /* Liste à retourner */ + size_t used; /* Indice pour le stockage */ + size_t i; /* Boucle de parcours #1 */ + size_t partial; /* Décompte partiel */ + const GScanMatch **matches; /* Correspondances en place */ + size_t k; /* Boucle de parcours #2 */ + + result = NULL; + + if (!g_scan_pattern_handler_count_items(handler, ctx, count)) + { + *count = 0; + goto exit; + } + + if (*count == 0) + goto exit; + + result = malloc(*count * sizeof(GScanMatch *)); + + used = 0; + + for (i = 0; i < handler->count; i++) + { + matches = g_scan_context_get_full_matches(ctx, handler->patterns[i], &partial); + + for (k = 0; k < partial; k++) + { + result[used++] = matches[k]; + g_object_ref(G_OBJECT(matches[k])); + } + + } + + exit: + + return result; + +} +#endif + + /* ---------------------------------------------------------------------------------- */ /* IMPLEMENTATION DES FONCTIONS DE CLASSE */ @@ -252,9 +421,27 @@ bool g_scan_pattern_handler_create(GScanPatternHandler *handler, GSearchPattern static ScanReductionState g_scan_pattern_handler_reduce(const GScanPatternHandler *expr, GScanContext *ctx, GScanScope *scope, GScanExpression **out) { ScanReductionState result; /* Etat synthétisé à retourner */ + size_t count; /* Quantité de correspondances */ if (g_scan_context_is_scan_done(ctx)) - result = SRS_REDUCED; + { + if (expr->type == SHT_COUNTER) + { + if (!g_scan_pattern_handler_count_items(expr, ctx, &count)) + result = SRS_UNRESOLVABLE; + + else + { + result = SRS_REDUCED; + *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ count }); + } + + } + + else + result = SRS_REDUCED; + + } else result = SRS_WAIT_FOR_SCAN; @@ -284,9 +471,7 @@ static bool g_scan_pattern_handler_reduce_to_boolean(const GScanPatternHandler * bool result; /* Bilan à retourner */ size_t count; /* Quantité de correspondances */ - result = true; - - g_scan_context_get_full_matches(ctx, expr->pattern, &count); + result = g_scan_pattern_handler_count_items(expr, ctx, &count); *out = g_scan_literal_expression_new(LVT_BOOLEAN, (bool []){ count > 0 }); @@ -312,12 +497,16 @@ static bool g_scan_pattern_handler_reduce_to_boolean(const GScanPatternHandler * static bool g_scan_pattern_handler_count_items(const GScanPatternHandler *expr, GScanContext *ctx, size_t *count) { bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ result = true; assert(g_scan_context_is_scan_done(ctx)); - g_scan_context_get_full_matches(ctx, expr->pattern, count); + *count = 0; + + for (i = 0; i < expr->count; i++) + *count += g_scan_context_count_full_matches(ctx, expr->patterns[i]); return result; @@ -342,62 +531,90 @@ static bool g_scan_pattern_handler_count_items(const GScanPatternHandler *expr, static bool g_scan_pattern_handler_get_item(const GScanPatternHandler *expr, size_t index, GScanContext *ctx, GScanExpression **out) { bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ size_t count; /* Quantité de correspondances */ - const GScanMatch **matches; /* Correspondances en place */ - const GScanBytesMatch *match; /* Correspondance ciblée */ - phys_t start; /* Point de départ du motif */ - phys_t end; /* Point d'arrivée du motif */ - phys_t len; /* Taille du motif */ + GScanMatches *matches; /* Correspondances d'un motif */ + const match_area_t *area; /* Zone de correspondance */ GBinContent *content; /* Contenu binaire à relire */ vmpa2t pos; /* Tête de lecture */ const bin_t *data; /* Accès aux données brutes */ sized_string_t binary; /* Conversion de formats */ + result = false; + assert(g_scan_context_is_scan_done(ctx)); - matches = g_scan_context_get_full_matches(ctx, expr->pattern, &count); + /* Identification du motif concerné */ + + for (i = 0; i < expr->count; i++) + { + count = g_scan_context_count_full_matches(ctx, expr->patterns[i]); + + if (index < count) + break; + else + index -= count; + + } + + if (i == expr->count) goto done; - result = (index < count); - if (!result) goto done; + /* Identification de la correspondance concernée */ - result = G_IS_SCAN_BYTES_MATCH(matches[index]); - if (!result) goto done; + matches = g_scan_context_get_full_matches(ctx, expr->patterns[i]); + if (matches == NULL) goto done; - match = G_SCAN_BYTES_MATCH(matches[index]); + area = g_scan_bytes_matches_get(G_SCAN_BYTES_MATCHES(matches), index); + if (area == NULL) goto done_with_matches; - len = g_scan_bytes_match_get_location(match, &start, &end); + /* Traitement adapté de la requête */ switch (expr->type) { case SHT_RAW: - content = g_scan_bytes_match_get_content(match); + content = g_scan_context_get_content(ctx); - init_vmpa(&pos, start, VMPA_NO_VIRTUAL); + init_vmpa(&pos, area->start, VMPA_NO_VIRTUAL); - data = g_binary_content_get_raw_access(content, &pos, len); + data = g_binary_content_get_raw_access(content, &pos, area->end - area->start); - binary.data = data; - binary.len = len; + binary.static_bin_data = data; + binary.len = area->end - area->start; *out = g_scan_literal_expression_new(LVT_STRING, &binary); g_object_unref(G_OBJECT(content)); + result = true; + break; + + case SHT_COUNTER: + assert(false); break; case SHT_START: - *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ start }); + *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, + (unsigned long long []){ area->start }); + result = true; break; case SHT_LENGTH: - *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ len }); + *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, + (unsigned long long []){ area->end - area->start }); + result = true; break; case SHT_END: - *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ end }); + *out = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, + (unsigned long long []){ area->end }); + result = true; break; } + done_with_matches: + + g_object_unref(G_OBJECT(matches)); + done: return result; diff --git a/src/analysis/scan/exprs/handler.h b/src/analysis/scan/exprs/handler.h index 8ad700a..a1ddf98 100644 --- a/src/analysis/scan/exprs/handler.h +++ b/src/analysis/scan/exprs/handler.h @@ -48,6 +48,7 @@ typedef struct _GScanPatternHandlerClass GScanPatternHandlerClass; typedef enum _ScanHandlerType { SHT_RAW, /* Correspondances brutes */ + SHT_COUNTER, /* Dénombrement de résultats */ SHT_START, /* Départs de correspondances */ SHT_LENGTH, /* Taille de correspondances */ SHT_END, /* Fins de correspondances */ @@ -59,7 +60,20 @@ typedef enum _ScanHandlerType GType g_scan_pattern_handler_get_type(void); /* Met en place une manipulation de correspondances établies. */ -GScanExpression *g_scan_pattern_handler_new(GSearchPattern *, ScanHandlerType); +GScanExpression *g_scan_pattern_handler_new_shared(const GSearchPattern ** const, size_t, ScanHandlerType); + +/* Met en place une manipulation de correspondances établies. */ +GScanExpression *g_scan_pattern_handler_new(GSearchPattern ** const, size_t, ScanHandlerType); + +/* Indique le type de manipulation de correspondances spécifié. */ +ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *); + +#if 0 /* FIXME */ + +/* Fournit la liste de toutes les correspondances représentées. */ +GScanMatch **g_scan_pattern_handler_get_all_matches(const GScanPatternHandler *, GScanContext *, size_t *); + +#endif diff --git a/src/analysis/scan/exprs/item.c b/src/analysis/scan/exprs/item.c index b7cd970..a5a6fdf 100644 --- a/src/analysis/scan/exprs/item.c +++ b/src/analysis/scan/exprs/item.c @@ -308,6 +308,7 @@ static ScanReductionState g_scan_set_item_reduce(const GScanSetItem *expr, GScan status = g_scan_expression_get_item(expr->set, val_s, ctx, out); } + else if (vtype == LVT_UNSIGNED_INTEGER) { if (!g_scan_literal_expression_get_unsigned_integer_value(op_index, &val_u)) @@ -320,6 +321,9 @@ static ScanReductionState g_scan_set_item_reduce(const GScanSetItem *expr, GScan } + else + status = false; + result = (status ? SRS_REDUCED : SRS_UNRESOLVABLE); } diff --git a/src/analysis/scan/exprs/literal.c b/src/analysis/scan/exprs/literal.c index de7e32a..b7aed5b 100644 --- a/src/analysis/scan/exprs/literal.c +++ b/src/analysis/scan/exprs/literal.c @@ -62,6 +62,9 @@ static bool g_scan_literal_expression_reduce_to_boolean(const GScanLiteralExpres /* Dénombre les éléments portés par une expression. */ static bool g_scan_literal_expression_count(const GScanLiteralExpression *, GScanContext *, size_t *); +/* Fournit un élément donné issu d'un ensemble constitué. */ +static bool g_scan_literal_expression_get_item(const GScanLiteralExpression *, size_t, GScanContext *, GScanExpression **); + /* ---------------------------------------------------------------------------------- */ @@ -100,6 +103,7 @@ static void g_scan_literal_expression_class_init(GScanLiteralExpressionClass *kl expr->cmp_rich = (compare_expr_rich_fc)g_scan_literal_expression_compare_rich; expr->reduce_to_bool = (reduce_expr_to_bool_fc)g_scan_literal_expression_reduce_to_boolean; expr->count = (count_scan_expr_fc)g_scan_literal_expression_count; + expr->get = (get_scan_expr_fc)g_scan_literal_expression_get_item; } @@ -120,6 +124,8 @@ static void g_scan_literal_expression_init(GScanLiteralExpression *expr) { G_SCAN_EXPRESSION(expr)->state = SRS_REDUCED; + memset(&expr->value, 0, sizeof(expr->value)); + } @@ -156,6 +162,25 @@ static void g_scan_literal_expression_dispose(GScanLiteralExpression *expr) static void g_scan_literal_expression_finalize(GScanLiteralExpression *expr) { + switch (expr->value_type) + { + case LVT_STRING: + exit_szstr(&expr->value.string); + break; + + case LVT_REG_EXPR: + if (expr->value.regex != NULL) + { + free(expr->value.regex); + regfree(&expr->value.preg); + } + break; + + default: + break; + + } + G_OBJECT_CLASS(g_scan_literal_expression_parent_class)->finalize(G_OBJECT(expr)); } @@ -659,3 +684,51 @@ static bool g_scan_literal_expression_count(const GScanLiteralExpression *expr, return result; } + + +/****************************************************************************** +* * +* Paramètres : expr = expression à consulter. * +* index = indice de l'élément à transférer. * +* ctx = contexte de suivi de l'analyse courante. * +* out = zone d'enregistrement de la réduction opérée. [OUT] * +* * +* Description : Fournit un élément donné issu d'un ensemble constitué. * +* * +* Retour : Bilan de l'opération : false en cas d'erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_literal_expression_get_item(const GScanLiteralExpression *expr, size_t index, GScanContext *ctx, GScanExpression **out) +{ + bool result; /* Bilan à retourner */ + sized_string_t ch; /* Caractère extrait */ + + switch (expr->value_type) + { + case LVT_STRING: + + result = (index < expr->value.string.len); + + if (result) + { + ch.data = expr->value.string.data + index; + ch.len = 1; + + *out = g_scan_literal_expression_new(LVT_STRING, &ch); + + } + + break; + + default: + result = false; + break; + + } + + return result; + +} diff --git a/src/analysis/scan/exprs/logical.c b/src/analysis/scan/exprs/logical.c index cc78a75..3b07843 100644 --- a/src/analysis/scan/exprs/logical.c +++ b/src/analysis/scan/exprs/logical.c @@ -230,7 +230,7 @@ bool g_scan_logical_operation_create(GScanLogicalOperation *op, BooleanOperation g_object_ref(G_OBJECT(op->first)); result = (second == NULL); - assert(second != NULL); + assert(second == NULL); break; default: @@ -483,6 +483,11 @@ static ScanReductionState g_scan_logical_operation_reduce(const GScanLogicalOper break; + /* Pour GCC... */ + default: + result = SRS_UNRESOLVABLE; + break; + } /* Mise à jour de la progression ? */ diff --git a/src/analysis/scan/exprs/setcounter-int.h b/src/analysis/scan/exprs/setcounter-int.h index fbed209..c9e3da5 100644 --- a/src/analysis/scan/exprs/setcounter-int.h +++ b/src/analysis/scan/exprs/setcounter-int.h @@ -37,8 +37,13 @@ struct _GScanSetMatchCounter { GScanExpression parent; /* A laisser en premier */ - GSearchPattern **patterns; /* Motifs associés */ + union + { + const GSearchPattern **patterns; /* Motifs associés */ + GSearchPattern **ref_patterns; /* Motifs associés */ + }; size_t count; /* Nombre de ces motifs */ + bool shared; /* Définition de propriété */ ScanSetCounterType type; /* Type de décompte */ size_t number; /* Eventuel volume associé */ @@ -53,9 +58,11 @@ struct _GScanSetMatchCounterClass }; +/* Met en place un décompte de motifs avec correspondances. */ +bool g_scan_set_match_counter_create_shared(GScanSetMatchCounter *, const GSearchPattern ** const, size_t); /* Met en place un décompte de motifs avec correspondances. */ -bool g_scan_set_match_counter_create(GScanSetMatchCounter *, GSearchPattern ** const, size_t); +bool g_scan_set_match_counter_create_and_ref(GScanSetMatchCounter *, GSearchPattern ** const, size_t); diff --git a/src/analysis/scan/exprs/setcounter.c b/src/analysis/scan/exprs/setcounter.c index 14e7676..bed315e 100644 --- a/src/analysis/scan/exprs/setcounter.c +++ b/src/analysis/scan/exprs/setcounter.c @@ -24,6 +24,10 @@ #include "setcounter.h" +#include <assert.h> +#include <string.h> + + #include "setcounter-int.h" #include "literal.h" @@ -109,6 +113,7 @@ static void g_scan_set_match_counter_init(GScanSetMatchCounter *counter) { counter->patterns = NULL; counter->count = 0; + counter->shared = true; counter->type = SSCT_NONE; counter->number = 0; @@ -132,8 +137,9 @@ static void g_scan_set_match_counter_dispose(GScanSetMatchCounter *counter) { size_t i; /* Boucle de parcours */ - for (i = 0; i < counter->count; i++) - g_clear_object(&counter->patterns[i]); + if (!counter->shared) + for (i = 0; i < counter->count; i++) + g_clear_object(&counter->ref_patterns[i]); G_OBJECT_CLASS(g_scan_set_match_counter_parent_class)->dispose(G_OBJECT(counter)); @@ -175,13 +181,75 @@ static void g_scan_set_match_counter_finalize(GScanSetMatchCounter *counter) * * ******************************************************************************/ +GScanExpression *g_scan_set_match_counter_new_shared(const GSearchPattern ** const patterns, size_t count) +{ + GScanExpression *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_SET_MATCH_COUNTER, NULL); + + if (!g_scan_set_match_counter_create_shared(G_SCAN_SET_MATCH_COUNTER(result), patterns, count)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : counter = instance à initialiser pleinement. * +* patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* * +* Description : Met en place un décompte de motifs avec correspondances. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_set_match_counter_create_shared(GScanSetMatchCounter *counter, const GSearchPattern ** const patterns, size_t count) +{ + bool result; /* Bilan à retourner */ + + result = g_scan_expression_create(G_SCAN_EXPRESSION(counter), SRS_WAIT_FOR_SCAN); + if (!result) goto exit; + + counter->patterns = malloc(count * sizeof(GSearchPattern *)); + counter->count = count; + + memcpy(counter->patterns, patterns, count * sizeof(GSearchPattern *)); + + counter->shared = true; + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* * +* Description : Constitue un décompte de motifs avec correspondances. * +* * +* Retour : Expression mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + GScanExpression *g_scan_set_match_counter_new(GSearchPattern ** const patterns, size_t count) { GScanExpression *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_SET_MATCH_COUNTER, NULL); - if (!g_scan_set_match_counter_create(G_SCAN_SET_MATCH_COUNTER(result), patterns, count)) + if (!g_scan_set_match_counter_create_and_ref(G_SCAN_SET_MATCH_COUNTER(result), patterns, count)) g_clear_object(&result); return result; @@ -203,7 +271,7 @@ GScanExpression *g_scan_set_match_counter_new(GSearchPattern ** const patterns, * * ******************************************************************************/ -bool g_scan_set_match_counter_create(GScanSetMatchCounter *counter, GSearchPattern ** const patterns, size_t count) +bool g_scan_set_match_counter_create_and_ref(GScanSetMatchCounter *counter, GSearchPattern ** const patterns, size_t count) { bool result; /* Bilan à retourner */ size_t i; /* Boucle de parcours */ @@ -214,11 +282,12 @@ bool g_scan_set_match_counter_create(GScanSetMatchCounter *counter, GSearchPatte counter->patterns = malloc(count * sizeof(GSearchPattern *)); counter->count = count; + memcpy(counter->patterns, patterns, count * sizeof(GSearchPattern *)); + for (i = 0; i < count; i++) - { - counter->patterns[i] = patterns[i]; g_object_ref(G_OBJECT(patterns[i])); - } + + counter->shared = false; exit: @@ -241,21 +310,52 @@ bool g_scan_set_match_counter_create(GScanSetMatchCounter *counter, GSearchPatte * * ******************************************************************************/ -void g_scan_set_match_counter_add_extra_patterns(GScanSetMatchCounter *counter, GSearchPattern ** const patterns, size_t count) +void g_scan_set_match_counter_add_extra_shared_patterns(GScanSetMatchCounter *counter, const GSearchPattern ** const patterns, size_t count) +{ + size_t first; /* Premier emplacement libre */ + + assert(counter->shared); + + first = counter->count; + + counter->count += count; + counter->patterns = realloc(counter->patterns, counter->count * sizeof(GSearchPattern *)); + + memcpy(counter->patterns + first, patterns, count * sizeof(GSearchPattern *)); + +} + + +/****************************************************************************** +* * +* Paramètres : counter = décompte à compléter. * +* patterns = motifs à impliquer. * +* count = quantité de ces motifs. * +* * +* Description : Ajoute de nouveaux motifs à un ensemble à décompter. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_set_match_counter_add_and_ref_extra_patterns(GScanSetMatchCounter *counter, GSearchPattern ** const patterns, size_t count) { size_t first; /* Premier emplacement libre */ size_t i; /* Boucle de parcours */ + assert(!counter->shared); + first = counter->count; counter->count += count; counter->patterns = realloc(counter->patterns, counter->count * sizeof(GSearchPattern *)); + memcpy(counter->patterns + first, patterns, count * sizeof(GSearchPattern *)); + for (i = 0; i < count; i++) - { - counter->patterns[first + i] = patterns[i]; g_object_ref(G_OBJECT(patterns[i])); - } } @@ -319,6 +419,7 @@ static ScanReductionState g_scan_set_match_counter_reduce(const GScanSetMatchCou ScanReductionState result; /* Etat synthétisé à retourner */ size_t matched; /* Qté de motifs avec résultats*/ size_t i; /* Boucle de parcours */ + GScanMatches *matches; /* Série de correspondances */ size_t count; /* Quantité de correspondances */ bool status; /* Bilan d'évaluation finale */ @@ -328,10 +429,18 @@ static ScanReductionState g_scan_set_match_counter_reduce(const GScanSetMatchCou for (i = 0; i < expr->count; i++) { - g_scan_context_get_full_matches(ctx, expr->patterns[i], &count); + matches = g_scan_context_get_full_matches(ctx, expr->patterns[i]); + + if (matches != NULL) + { + count = g_scan_matches_count(matches); + + if (count > 0) + matched++; + + g_object_unref(G_OBJECT(matches)); - if (count > 0) - matched++; + } } diff --git a/src/analysis/scan/exprs/setcounter.h b/src/analysis/scan/exprs/setcounter.h index 59762f9..28c92b4 100644 --- a/src/analysis/scan/exprs/setcounter.h +++ b/src/analysis/scan/exprs/setcounter.h @@ -52,10 +52,16 @@ typedef struct _GScanSetMatchCounterClass GScanSetMatchCounterClass; GType g_scan_set_match_counter_get_type(void); /* Met en place un décompte de correspondances obtenues. */ +GScanExpression *g_scan_set_match_counter_new_shared(const GSearchPattern ** const, size_t); + +/* Met en place un décompte de correspondances obtenues. */ GScanExpression *g_scan_set_match_counter_new(GSearchPattern ** const, size_t); /* Ajoute de nouveaux motifs à un ensemble à décompter. */ -void g_scan_set_match_counter_add_extra_patterns(GScanSetMatchCounter *, GSearchPattern ** const, size_t); +void g_scan_set_match_counter_add_extra_shared_patterns(GScanSetMatchCounter *, const GSearchPattern ** const, size_t); + +/* Ajoute de nouveaux motifs à un ensemble à décompter. */ +void g_scan_set_match_counter_add_and_ref_extra_patterns(GScanSetMatchCounter *, GSearchPattern ** const, size_t); /* Formes de volume de correspondances */ typedef enum _ScanSetCounterType diff --git a/src/analysis/scan/grammar.y b/src/analysis/scan/grammar.y index e1f0e9e..2d985a7 100644 --- a/src/analysis/scan/grammar.y +++ b/src/analysis/scan/grammar.y @@ -6,10 +6,10 @@ /* Affiche un message d'erreur suite à l'analyse en échec. */ -static int yyerror(GContentScanner *, yyscan_t, GScanRule **, sized_string_t *, sized_string_t *, void/*GBytesPattern*/ **, char **, size_t *, size_t *, char *); +static int yyerror(GContentScanner *, yyscan_t, GScanRule **, sized_string_t *, sized_string_t *, char *); #define raise_error(msg) \ - yyerror(scanner, yyscanner, built_rule, tmp_0, tmp_1, NULL, buf, allocated, used, msg) + yyerror(scanner, yyscanner, built_rule, tmp_0, tmp_1, msg) %} @@ -30,7 +30,7 @@ typedef void *yyscan_t; #include "exprs/access.h" #include "exprs/arithmetic.h" #include "exprs/call.h" -#include "exprs/counter.h" +#include "exprs/extract.h" #include "exprs/handler.h" #include "exprs/intersect.h" #include "exprs/item.h" @@ -40,8 +40,10 @@ typedef void *yyscan_t; #include "exprs/setcounter.h" #include "exprs/relational.h" #include "exprs/strop.h" +#include "patterns/customizer.h" #include "patterns/modifier.h" #include "patterns/modifiers/list.h" +#include "patterns/modifiers/pipe.h" #include "patterns/tokens/hex.h" #include "patterns/tokens/plain.h" #include "patterns/tokens/nodes/any.h" @@ -74,15 +76,14 @@ typedef void *yyscan_t; } masked; ScanRuleFlags rule_flags; /* Fanions pour règle */ - GScanRule *rule; /* Nouvelle règle à intégrer */ GScanTokenNode *node; /* Bribe de motif à intégrer */ GSearchPattern *pattern; /* Nouveau motif à considérer */ GScanTokenModifier *modifier; /* Modificateur pour texte */ + modifier_arg_t mod_arg; /* Argument pour modificateur */ ScanPlainNodeFlags str_flags; /* Fanions pour texte */ - GScanExpression *expr; /* Expression de condition */ struct { @@ -100,13 +101,13 @@ typedef void *yyscan_t; %define api.pure full -%parse-param { GContentScanner *scanner } { yyscan_t yyscanner } { GScanRule **built_rule } { sized_string_t *tmp_0} { sized_string_t *tmp_1} { void /*GBytesPattern*/ **built_pattern } { char **buf } { size_t *allocated } { size_t *used } -%lex-param { yyscan_t yyscanner } { sized_string_t *tmp_0} { sized_string_t *tmp_1} { void/*GBytesPattern*/ **built_pattern } { char **buf } { size_t *allocated } { size_t *used } +%parse-param { GContentScanner *scanner } { yyscan_t yyscanner } { GScanRule **built_rule } { sized_string_t *tmp_0} { sized_string_t *tmp_1} +%lex-param { yyscan_t yyscanner } { sized_string_t *tmp_0} { sized_string_t *tmp_1} %code provides { #define YY_DECL \ - int rost_lex(YYSTYPE *yylval_param, yyscan_t yyscanner, sized_string_t *tmp_0, sized_string_t *tmp_1, void/*GBytesPattern*/ **built_pattern, char **buf, size_t *allocated, size_t *used) + int rost_lex(YYSTYPE *yylval_param, yyscan_t yyscanner, sized_string_t *tmp_0, sized_string_t *tmp_1) YY_DECL; @@ -115,8 +116,8 @@ YY_DECL; %token INCLUDE "include" -%token RAW_RULE -%token RULE_NAME +%token RAW_RULE "rule" +%token RULE_IDENTIFIER %token META "meta" %token BYTES "bytes" @@ -129,9 +130,13 @@ YY_DECL; %token BYTES_ID %token BYTES_FUZZY_ID %token BYTES_ID_COUNTER +%token BYTES_FUZZY_ID_COUNTER %token BYTES_ID_START +%token BYTES_FUZZY_ID_START %token BYTES_ID_LENGTH +%token BYTES_FUZZY_ID_LENGTH %token BYTES_ID_END +%token BYTES_FUZZY_ID_END %token NAME @@ -152,7 +157,8 @@ YY_DECL; -%token BRACE_IN BRACE_OUT +%token BRACE_IN "{" +%token BRACE_OUT "}" %token ASSIGN "=" %token COLON ":" @@ -164,7 +170,6 @@ YY_DECL; %token FALSE_ "false" %token SIGNED_INTEGER %token UNSIGNED_INTEGER -%token STRING %token KB MB GB @@ -198,8 +203,6 @@ YY_DECL; %token HOOK_O "[" %token HOOK_C "]" -%token BRACKET_O "{" -%token BRACKET_C "}" %token QUESTION "?" %token PAREN_O "(" @@ -208,6 +211,9 @@ YY_DECL; %token DOT "." %token PIPE "|" +%token MOD_GROUP_O "((" +%token MOD_GROUP_C "))" + %token NONE "none" %token ANY "any" %token ALL "all" @@ -216,26 +222,28 @@ YY_DECL; %token IN "in" -%type <sized_cstring> RULE_NAME +%type <sized_cstring> RULE_IDENTIFIER %type <sized_cstring> INFO_KEY %type <sized_cstring> BYTES_ID %type <sized_cstring> BYTES_FUZZY_ID %type <sized_cstring> BYTES_ID_COUNTER +%type <sized_cstring> BYTES_FUZZY_ID_COUNTER %type <sized_cstring> BYTES_ID_START +%type <sized_cstring> BYTES_FUZZY_ID_START %type <sized_cstring> BYTES_ID_LENGTH +%type <sized_cstring> BYTES_FUZZY_ID_LENGTH %type <sized_cstring> BYTES_ID_END +%type <sized_cstring> BYTES_FUZZY_ID_END %type <sized_cstring> NAME %type <signed_integer> SIGNED_INTEGER %type <unsigned_integer> UNSIGNED_INTEGER -%type <sized_cstring> STRING %type <rule_flags> rule_flags %type <rule_flags> rule_flag -%type <rule> rule %type <sized_cstring> PLAIN_TEXT %type <tmp_cstring> ESCAPED_TEXT @@ -252,15 +260,18 @@ YY_DECL; %type <modifier> modifiers %type <modifier> _modifiers -%type <modifier> chained_modifiers + //%type <modifier> chained_modifiers %type <modifier> mod_stage %type <modifier> modifier +%type <modifier> modifier_args +%type <mod_arg> modifier_arg %type <str_flags> str_flags %type <pattern> hex_pattern %type <node> hex_tokens +%type <node> _hex_tokens %type <node> hex_token %type <node> hex_range %type <node> hex_choices @@ -270,7 +281,8 @@ YY_DECL; %type <expr> cexpression _cexpression %type <expr> literal -%type <expr> item_chain +%type <expr> chain_items +%type <expr> chain_item %type <args_list> call_args %type <expr> logical_expr %type <expr> relational_expr @@ -281,9 +293,9 @@ YY_DECL; %type <expr> pattern_set_items %type <expr> set %type <expr> set_items -%type <expr> set_access %type <expr> intersection %type <expr> pattern_handler +%type <expr> _pattern_handler @@ -308,16 +320,36 @@ YY_DECL; %left HOOK_O HOOK_C + %destructor { g_object_unref(G_OBJECT($$)); } <node> + + %destructor { g_object_unref(G_OBJECT($$)); } <pattern> + + %destructor { g_object_unref(G_OBJECT($$)); } <modifier> + + %destructor { g_object_unref(G_OBJECT($$)); } <expr> + + %destructor { + size_t __i; + + for (__i = 0; __i < $$.count; __i++) + g_object_unref(G_OBJECT($$.args[__i])); + if ($$.args != NULL) + free($$.args); -%destructor { printf("-------- Discarding symbol %p.\n", $$); } <rule> + } <args_list> %% rules : /* empty */ | external rules - | rule rules { g_content_scanner_add_rule(scanner, $1); } + | rule + { + g_content_scanner_add_rule(scanner, *built_rule); + g_clear_object(built_rule); + } + rules ; @@ -346,15 +378,11 @@ YY_DECL; * Définition de règle. */ - rule : rule_flags RAW_RULE RULE_NAME + rule : rule_flags "rule" RULE_IDENTIFIER { *built_rule = g_scan_rule_new($1, $3.data); - $<rule>$ = *built_rule; - } - BRACE_IN meta bytes condition BRACE_OUT - { - $$ = $<rule>4; } + tags "{" meta bytes condition "}" ; @@ -379,6 +407,21 @@ YY_DECL; ; + tags : /* empty */ + | ":" tag_list + ; + + tag_list : RULE_IDENTIFIER + { + g_scan_rule_add_tag(*built_rule, $1.data); + } + | tag_list RULE_IDENTIFIER + { + g_scan_rule_add_tag(*built_rule, $2.data); + } + ; + + /** * Section "meta:" d'une définition de règle. */ @@ -449,7 +492,7 @@ YY_DECL; * Définition de motif en texte brut. */ - str_pattern : BYTES_ID ASSIGN PLAIN_TEXT modifiers str_flags + str_pattern : BYTES_ID "=" PLAIN_TEXT modifiers str_flags { GScanTokenNode *node; @@ -461,7 +504,7 @@ YY_DECL; g_object_unref(G_OBJECT(node)); } - | BYTES_ID ASSIGN ESCAPED_TEXT modifiers str_flags + | BYTES_ID "=" ESCAPED_TEXT modifiers str_flags { GScanTokenNode *node; @@ -488,7 +531,9 @@ YY_DECL; { $$ = $1; + // if (...) useless + // ex : xxx | { yyy zzz } } ; @@ -497,19 +542,45 @@ YY_DECL; { $$ = $1; } - | chained_modifiers + | _modifiers "|" mod_stage { - $$ = $1; + bool status; + + if (G_IS_SCAN_MODIFIER_PIPE($1)) + $$ = $1; + else + { + $$ = g_scan_modifier_pipe_new(); + g_scan_modifier_pipe_add(G_SCAN_MODIFIER_PIPE($$), $1); + g_object_unref(G_OBJECT($1)); + } + + g_scan_modifier_pipe_add(G_SCAN_MODIFIER_PIPE($$), $3); + g_object_unref(G_OBJECT($3)); + } ; - chained_modifiers : _modifiers "|" _modifiers +/* + chained_modifiers : modifiers "|" modifiers + { + printf("need chains....\n"); + + $$ = NULL; + + } ; +*/ mod_stage : modifier { $$ = $1; } + | "((" _modifiers "))" + { + $$ = NULL; + YYERROR; /* TODO */ + } | mod_stage modifier { bool status; @@ -520,6 +591,7 @@ YY_DECL; { $$ = g_scan_modifier_list_new(); g_scan_modifier_list_add(G_SCAN_MODIFIER_LIST($$), $1); + g_object_unref(G_OBJECT($1)); } status = g_scan_modifier_list_add(G_SCAN_MODIFIER_LIST($$), $2); @@ -527,21 +599,22 @@ YY_DECL; { if (1) log_simple_message(LMT_WARNING, "modifier already taken into account!"); - g_object_unref(G_OBJECT($2)); } + g_object_unref(G_OBJECT($2)); + } ; modifier : NAME { - $$ = find_scan_token_modifiers_for_name($1.data); + $$ = find_scan_token_modifiers_for_name(&$1); if ($$ == NULL) { char *_msg; int _ret; - _ret = asprintf(&_msg, _("Unknown modifier: \"%s\""), $1.data); + _ret = asprintf(&_msg, _("Unknown modifier: \"%.*s\""), (int)$1.len, $1.data); if (_ret != -1) { @@ -552,9 +625,74 @@ YY_DECL; YYERROR; } } - | "(" chained_modifiers ")" + | NAME "(" modifier_args ")" { - $$ = $2; + GScanTokenModifier *_mod; + bool _status; + + $$ = $3; + + _mod = find_scan_token_modifiers_for_name(&$1); + if (_mod == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Unknown modifier: \"%.*s\""), (int)$1.len, $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + g_object_unref(G_OBJECT($$)); + + YYERROR; + } + + _status = g_scan_token_customizer_attach_modifier(G_SCAN_TOKEN_CUSTOMIZER($$), _mod); + + g_object_unref(G_OBJECT(_mod)); + + if (!_status) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, + _("Unsupported argument for modifier: \"%.*s\""), + (int)$1.len, $1.data); + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + g_object_unref(G_OBJECT($$)); + + YYERROR; + } + + } + ; + + + modifier_args : modifier_arg + { + $$ = g_scan_token_customizer_new(&$1); + } + | modifier_args "," modifier_arg + { + $$ = $1; + g_scan_token_customizer_add_extra_arg(G_SCAN_TOKEN_CUSTOMIZER($$), &$3); + } + ; + + modifier_arg : PLAIN_TEXT + { + $$.type = MAT_STRING; + $$.value.string = $1; } ; @@ -586,26 +724,49 @@ YY_DECL; * Définition de motif en hexadécimal. */ - hex_pattern : BYTES_ID ASSIGN hex_tokens + hex_pattern : BYTES_ID "=" hex_tokens { $$ = g_scan_hex_bytes_new($3, false); g_search_pattern_set_name($$, $1.data, $1.len); } - | BYTES_ID ASSIGN hex_tokens "private" + | BYTES_ID "=" hex_tokens "private" { $$ = g_scan_hex_bytes_new($3, true); g_search_pattern_set_name($$, $1.data, $1.len); } ; - hex_tokens : hex_token + hex_tokens : _hex_tokens + { + $$ = $1; + + if (G_IS_SCAN_TOKEN_NODE_SEQUENCE($$)) + { + if (g_scan_token_node_sequence_count(G_SCAN_TOKEN_NODE_SEQUENCE($$)) == 1) + { + GScanTokenNode *node; + + node = g_scan_token_node_sequence_get(G_SCAN_TOKEN_NODE_SEQUENCE($$), 0); + + g_object_unref(G_OBJECT($$)); + + $$ = node; + + } + + } + + } + ; + + _hex_tokens : hex_token { if ($1 == NULL) YYERROR; $$ = $1; } - | hex_tokens hex_token + | _hex_tokens hex_token { if ($2 == NULL) YYERROR; @@ -665,10 +826,18 @@ YY_DECL; } | hex_range { + if ($1 == NULL) + { + raise_error(_("Unable to build hexadecimal range")); + YYERROR; + } + $$ = $1; + } | "~" hex_token { + if ($2 == NULL) YYERROR; $$ = g_scan_token_node_not_new($2); } @@ -726,6 +895,9 @@ YY_DECL; hex_choices : hex_token "|" hex_token { + if ($1 == NULL) YYERROR; + if ($3 == NULL) YYERROR; + $$ = g_scan_token_node_choice_new(); g_scan_token_node_choice_add(G_SCAN_TOKEN_NODE_CHOICE($$), $1); g_object_unref(G_OBJECT($1)); @@ -734,6 +906,8 @@ YY_DECL; } | hex_choices "|" hex_token { + if ($3 == NULL) YYERROR; + $$ = $1; g_scan_token_node_choice_add(G_SCAN_TOKEN_NODE_CHOICE($$), $3); g_object_unref(G_OBJECT($3)); @@ -745,7 +919,7 @@ YY_DECL; * Définition de motif sous forme d'expression régulière */ - regex_pattern : BYTES_ID ASSIGN regex_tokens + regex_pattern : BYTES_ID "=" regex_tokens { } @@ -789,7 +963,7 @@ YY_DECL; } ; - _regex_token : DOT + _regex_token : "." { printf("reg dot!\n"); } @@ -851,24 +1025,24 @@ YY_DECL; * Définition des conditions. */ - condition : CONDITION COLON cexpression - { - g_scan_rule_set_match_condition(*built_rule, $3); - g_object_unref(G_OBJECT($3)); - } - ; + condition : "condition" ":" cexpression + { + g_scan_rule_set_match_condition(*built_rule, $3); + g_object_unref(G_OBJECT($3)); + } + ; - cexpression : _cexpression { $$ = $1; if ($$ == NULL) { printf("ERROR !!!\n"); YYERROR; } } + cexpression : _cexpression { $$ = $1; if ($$ == NULL) { printf("ERROR !!!\n"); YYERROR; } } + ; _cexpression : literal { $$ = $1; } - | item_chain { $$ = $1; } + | chain_items { $$ = $1; } | logical_expr { $$ = $1; } | relational_expr { $$ = $1; } | string_op { $$ = $1; } | arithm_expr { $$ = $1; } | set_match_counter { $$ = $1; } | set { $$ = $1; } - | set_access { $$ = $1; } | intersection { $$ = $1; } | pattern_handler { $$ = $1; } | "(" cexpression ")" { $$ = $2; } @@ -908,46 +1082,65 @@ YY_DECL; __converted = $1 * 1073741824; $$ = g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, &__converted); } - | STRING + | PLAIN_TEXT { $$ = g_scan_literal_expression_new(LVT_STRING, &$1); } + | PLAIN_TEXT "[" cexpression "]" + { + GScanExpression *__src; + __src = g_scan_literal_expression_new(LVT_STRING, &$1); + $$ = g_scan_set_item_new(__src, $3); + g_object_unref(G_OBJECT(__src)); + g_object_unref(G_OBJECT($3)); + } + | ESCAPED_TEXT + { + $$ = g_scan_literal_expression_new(LVT_STRING, $1); + } + | ESCAPED_TEXT "[" cexpression "]" + { + GScanExpression *__src; + __src = g_scan_literal_expression_new(LVT_STRING, $1); + $$ = g_scan_set_item_new(__src, $3); + g_object_unref(G_OBJECT(__src)); + g_object_unref(G_OBJECT($3)); + } ; - item_chain : NAME { $$ = g_scan_named_access_new(&$1); } - | NAME "(" ")" { $$ = g_scan_pending_call_new(&$1, NULL, 0); } - | NAME "(" call_args ")" + + chain_items : chain_item { - size_t __i; - $$ = g_scan_pending_call_new(&$1, $3.args, $3.count); - for (__i = 0; __i < $3.count; __i++) - g_object_unref(G_OBJECT($3.args[__i])); - free($3.args); + $$ = $1; } - | item_chain "." NAME + | chain_items "." chain_item { - GScanExpression *__next; - __next = g_scan_named_access_new(&$3); - g_scan_named_access_attach_next(G_SCAN_NAMED_ACCESS($1), G_SCAN_NAMED_ACCESS(__next)); + g_scan_named_access_attach_next(G_SCAN_NAMED_ACCESS($1), G_SCAN_NAMED_ACCESS($3)); + g_object_unref(G_OBJECT($3)); $$ = $1; } - | item_chain "." NAME "(" ")" + ; + + chain_item : NAME { - GScanExpression *__next; - __next = g_scan_pending_call_new(&$3, NULL, 0); - g_scan_named_access_attach_next(G_SCAN_NAMED_ACCESS($1), G_SCAN_NAMED_ACCESS(__next)); - $$ = $1; + $$ = g_scan_named_access_new(&$1); } - | item_chain "." NAME "(" call_args ")" + | NAME "(" ")" + { + $$ = g_scan_pending_call_new(&$1, NULL, 0); + } + | NAME "(" call_args ")" { - GScanExpression *__next; size_t __i; - __next = g_scan_pending_call_new(&$3, $5.args, $5.count); - for (__i = 0; __i < $5.count; __i++) - g_object_unref(G_OBJECT($5.args[__i])); - free($5.args); - g_scan_named_access_attach_next(G_SCAN_NAMED_ACCESS($1), G_SCAN_NAMED_ACCESS(__next)); - $$ = $1; + $$ = g_scan_pending_call_new(&$1, $3.args, $3.count); + for (__i = 0; __i < $3.count; __i++) + g_object_unref(G_OBJECT($3.args[__i])); + free($3.args); + } + | NAME "[" cexpression "]" + { + $$ = g_scan_pending_extraction_new(&$1, $3); + g_object_unref(G_OBJECT($3)); } ; @@ -966,58 +1159,143 @@ YY_DECL; } ; - logical_expr : cexpression "and" cexpression { $$ = g_scan_logical_operation_new(BOT_AND, $1, $3); } - | cexpression "or" cexpression { $$ = g_scan_logical_operation_new(BOT_OR, $1, $3); } - | "not" "(" cexpression ")" { $$ = g_scan_logical_operation_new(BOT_NOT, $3, NULL); } + logical_expr : cexpression "and" cexpression + { + $$ = g_scan_logical_operation_new(BOT_AND, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "or" cexpression + { + $$ = g_scan_logical_operation_new(BOT_OR, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | "not" "(" cexpression ")" + { + $$ = g_scan_logical_operation_new(BOT_NOT, $3, NULL); + g_object_unref(G_OBJECT($3)); + } ; -relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operation_new(RCO_LT, $1, $3); } - | cexpression "<=" cexpression { $$ = g_scan_relational_operation_new(RCO_LE, $1, $3); } - | cexpression "==" cexpression { $$ = g_scan_relational_operation_new(RCO_EQ, $1, $3); } - | cexpression "!=" cexpression { $$ = g_scan_relational_operation_new(RCO_NE, $1, $3); } - | cexpression ">" cexpression { $$ = g_scan_relational_operation_new(RCO_GT, $1, $3); } - | cexpression ">=" cexpression { $$ = g_scan_relational_operation_new(RCO_GE, $1, $3); } +relational_expr : cexpression "<" cexpression + { + $$ = g_scan_relational_operation_new(RCO_LT, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "<=" cexpression + { + $$ = g_scan_relational_operation_new(RCO_LE, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "==" cexpression + { + $$ = g_scan_relational_operation_new(RCO_EQ, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "!=" cexpression + { + $$ = g_scan_relational_operation_new(RCO_NE, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression ">" cexpression + { + $$ = g_scan_relational_operation_new(RCO_GT, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression ">=" cexpression + { + $$ = g_scan_relational_operation_new(RCO_GE, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } ; string_op : cexpression "contains" cexpression { $$ = g_scan_string_operation_new(SOT_CONTAINS, $1, $3, true); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "startswith" cexpression { $$ = g_scan_string_operation_new(SOT_STARTSWITH, $1, $3, true); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "endswith" cexpression { $$ = g_scan_string_operation_new(SOT_ENDSWITH, $1, $3, true); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "matches" cexpression { $$ = g_scan_string_operation_new(SOT_MATCHES, $1, $3, true); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "icontains" cexpression { $$ = g_scan_string_operation_new(SOT_CONTAINS, $1, $3, false); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "istartswith" cexpression { $$ = g_scan_string_operation_new(SOT_STARTSWITH, $1, $3, false); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "iendswith" cexpression { $$ = g_scan_string_operation_new(SOT_ENDSWITH, $1, $3, false); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } | cexpression "iequals" cexpression { $$ = g_scan_string_operation_new(SOT_IEQUALS, $1, $3, false); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); } ; - arithm_expr : cexpression "+" cexpression { $$ = g_scan_arithmetic_operation_new(AEO_PLUS, $1, $3); } - | cexpression "-" cexpression { $$ = g_scan_arithmetic_operation_new(AEO_MINUS, $1, $3); } - | cexpression "*" cexpression { $$ = g_scan_arithmetic_operation_new(AEO_MUL, $1, $3); } - | cexpression "/" cexpression { $$ = g_scan_arithmetic_operation_new(AEO_DIV, $1, $3); } - | cexpression "%" cexpression { $$ = g_scan_arithmetic_operation_new(AEO_MOD, $1, $3); } + arithm_expr : cexpression "+" cexpression + { + $$ = g_scan_arithmetic_operation_new(AEO_PLUS, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "-" cexpression + { + $$ = g_scan_arithmetic_operation_new(AEO_MINUS, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "*" cexpression + { + $$ = g_scan_arithmetic_operation_new(AEO_MUL, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "/" cexpression + { + $$ = g_scan_arithmetic_operation_new(AEO_DIV, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } + | cexpression "%" cexpression + { + $$ = g_scan_arithmetic_operation_new(AEO_MOD, $1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + } ; @@ -1078,15 +1356,17 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio pattern_set : "them" { size_t __count; - GSearchPattern **__patterns; - size_t __i; + const GSearchPattern **__patterns; __patterns = g_scan_rule_get_local_variables(*built_rule, NULL, &__count); - $$ = g_scan_set_match_counter_new(__patterns, __count); + if (__patterns == NULL) + { + raise_error(_("No pattern found for \"them\"")); + YYERROR; + } - for (__i = 0; __i < __count; __i++) - g_object_unref(G_OBJECT(__patterns[__i])); + $$ = g_scan_set_match_counter_new_shared(__patterns, __count); free(__patterns); @@ -1099,7 +1379,7 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio pattern_set_items : BYTES_ID { - GSearchPattern *__pat; + const GSearchPattern *__pat; __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); @@ -1119,20 +1399,17 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio YYERROR; } - $$ = g_scan_set_match_counter_new((GSearchPattern *[]) { __pat }, 1); - - g_object_unref(G_OBJECT(__pat)); + $$ = g_scan_set_match_counter_new_shared((const GSearchPattern *[]) { __pat }, 1); } | BYTES_FUZZY_ID { size_t __count; - GSearchPattern **__patterns; - size_t __i; + const GSearchPattern **__patterns; __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); - if (__count == 0) + if (__patterns == NULL) { char *_msg; int _ret; @@ -1148,17 +1425,14 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio YYERROR; } - $$ = g_scan_set_match_counter_new(__patterns, __count); - - for (__i = 0; __i < __count; __i++) - g_object_unref(G_OBJECT(__patterns[__i])); + $$ = g_scan_set_match_counter_new_shared(__patterns, __count); free(__patterns); } | pattern_set_items "," BYTES_ID { - GSearchPattern *__pat; + const GSearchPattern *__pat; GScanSetMatchCounter *__counter; __pat = g_scan_rule_get_local_variable(*built_rule, $3.data); @@ -1180,9 +1454,8 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio } __counter = G_SCAN_SET_MATCH_COUNTER($1); - g_scan_set_match_counter_add_extra_patterns(__counter, (GSearchPattern *[]) { __pat }, 1); - - g_object_unref(G_OBJECT(__pat)); + g_scan_set_match_counter_add_extra_shared_patterns(__counter, + (const GSearchPattern *[]) { __pat }, 1); $$ = $1; @@ -1190,13 +1463,12 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio | pattern_set_items "," BYTES_FUZZY_ID { size_t __count; - GSearchPattern **__patterns; + const GSearchPattern **__patterns; GScanSetMatchCounter *__counter; - size_t __i; __patterns = g_scan_rule_get_local_variables(*built_rule, $3.data, &__count); - if (__count == 0) + if (__patterns == NULL) { char *_msg; int _ret; @@ -1213,10 +1485,7 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio } __counter = G_SCAN_SET_MATCH_COUNTER($1); - g_scan_set_match_counter_add_extra_patterns(__counter, __patterns, __count); - - for (__i = 0; __i < __count; __i++) - g_object_unref(G_OBJECT(__patterns[__i])); + g_scan_set_match_counter_add_extra_shared_patterns(__counter, __patterns, __count); free(__patterns); @@ -1226,46 +1495,39 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio ; - set : "(" ")" - { - $$ = g_scan_generic_set_new(); - } - | "(" cexpression "," ")" - { - $$ = g_scan_generic_set_new(); - g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $2); - g_object_unref(G_OBJECT($2)); - } - | "(" set_items ")" - { - $$ = $2; - } - ; - - set_items : cexpression "," cexpression - { - $$ = g_scan_generic_set_new(); - g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $1); - g_object_unref(G_OBJECT($1)); - g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $3); - g_object_unref(G_OBJECT($3)); - } - | set_items "," cexpression - { - $$ = $1; - g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $3); - g_object_unref(G_OBJECT($3)); - } - ; + set : "(" ")" + { + $$ = g_scan_generic_set_new(); + } + | "(" cexpression "," ")" + { + $$ = g_scan_generic_set_new(); + g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $2); + g_object_unref(G_OBJECT($2)); + } + | "(" set_items ")" + { + $$ = $2; + } + ; - set_access : cexpression "[" cexpression "]" + set_items : cexpression "," cexpression { - $$ = g_scan_set_item_new($1, $3); + $$ = g_scan_generic_set_new(); + g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $1); g_object_unref(G_OBJECT($1)); + g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $3); + g_object_unref(G_OBJECT($3)); + } + | set_items "," cexpression + { + $$ = $1; + g_scan_generic_set_add_item(G_SCAN_GENERIC_SET($$), $3); g_object_unref(G_OBJECT($3)); } ; + intersection : cexpression "in" cexpression { $$ = g_scan_sets_intersection_new($1, $3); @@ -1274,65 +1536,290 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio } ; - pattern_handler : BYTES_ID + + pattern_handler : _pattern_handler + { + $$ = $1; + } + | _pattern_handler "[" cexpression "]" + { + if (g_scan_pattern_handler_get_handler_type(G_SCAN_PATTERN_HANDLER($1)) == SHT_COUNTER) + { + raise_error("Match counts can not get indexed"); + YYERROR; + } + + $$ = g_scan_set_item_new($1, $3); + g_object_unref(G_OBJECT($1)); + g_object_unref(G_OBJECT($3)); + + } + ; + + _pattern_handler : BYTES_ID { - GSearchPattern *__pat; + const GSearchPattern *__pat; + __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); + if (__pat == NULL) - $$ = NULL; - else { - $$ = g_scan_pattern_handler_new(__pat, SHT_RAW); - g_object_unref(G_OBJECT(__pat)); + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Pattern not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; + } + + $$ = g_scan_pattern_handler_new_shared((const GSearchPattern *[]) { __pat }, 1, SHT_RAW); + + } + | BYTES_FUZZY_ID + { + size_t __count; + const GSearchPattern **__patterns; + + __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); + + if (__patterns == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Patterns not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; } + + $$ = g_scan_pattern_handler_new_shared(__patterns, __count, SHT_RAW); + + free(__patterns); + } | BYTES_ID_COUNTER { - GSearchPattern *__pat; + const GSearchPattern *__pat; + __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); + if (__pat == NULL) - $$ = NULL; - else { - $$ = g_scan_match_counter_new(__pat); - g_object_unref(G_OBJECT(__pat)); + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Pattern not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; + } + + $$ = g_scan_pattern_handler_new_shared((const GSearchPattern *[]) { __pat }, 1, SHT_COUNTER); + + } + | BYTES_FUZZY_ID_COUNTER + { + size_t __count; + const GSearchPattern **__patterns; + + __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); + + if (__patterns == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Patterns not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; } + + $$ = g_scan_pattern_handler_new_shared(__patterns, __count, SHT_COUNTER); + + free(__patterns); + } | BYTES_ID_START { - GSearchPattern *__pat; + const GSearchPattern *__pat; + __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); + if (__pat == NULL) - $$ = NULL; - else { - $$ = g_scan_pattern_handler_new(__pat, SHT_START); - g_object_unref(G_OBJECT(__pat)); + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Pattern not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; + } + + $$ = g_scan_pattern_handler_new_shared((const GSearchPattern *[]) { __pat }, 1, SHT_START); + + } + | BYTES_FUZZY_ID_START + { + size_t __count; + const GSearchPattern **__patterns; + + __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); + + if (__patterns == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Patterns not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; } + + $$ = g_scan_pattern_handler_new_shared(__patterns, __count, SHT_START); + + free(__patterns); + } | BYTES_ID_LENGTH { - GSearchPattern *__pat; + const GSearchPattern *__pat; + __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); + if (__pat == NULL) - $$ = NULL; - else { - $$ = g_scan_pattern_handler_new(__pat, SHT_LENGTH); - g_object_unref(G_OBJECT(__pat)); + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Pattern not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; } + + $$ = g_scan_pattern_handler_new_shared((const GSearchPattern *[]) { __pat }, 1, SHT_LENGTH); + + } + | BYTES_FUZZY_ID_LENGTH + { + size_t __count; + const GSearchPattern **__patterns; + + __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); + + if (__patterns == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Patterns not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; + } + + $$ = g_scan_pattern_handler_new_shared(__patterns, __count, SHT_LENGTH); + + free(__patterns); + } | BYTES_ID_END { - GSearchPattern *__pat; + const GSearchPattern *__pat; + __pat = g_scan_rule_get_local_variable(*built_rule, $1.data); + if (__pat == NULL) - $$ = NULL; - else { - $$ = g_scan_pattern_handler_new(__pat, SHT_END); - g_object_unref(G_OBJECT(__pat)); + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Pattern not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; + } + + $$ = g_scan_pattern_handler_new_shared((const GSearchPattern *[]) { __pat }, 1, SHT_END); + + } + | BYTES_FUZZY_ID_END + { + size_t __count; + const GSearchPattern **__patterns; + + __patterns = g_scan_rule_get_local_variables(*built_rule, $1.data, &__count); + + if (__patterns == NULL) + { + char *_msg; + int _ret; + + _ret = asprintf(&_msg, _("Patterns not found: \"%s\""), $1.data); + + if (_ret != -1) + { + raise_error(_msg); + free(_msg); + } + + YYERROR; } + + $$ = g_scan_pattern_handler_new_shared(__patterns, __count, SHT_END); + + free(__patterns); + } ; @@ -1353,9 +1840,9 @@ relational_expr : cexpression "<" cexpression { $$ = g_scan_relational_operatio * * ******************************************************************************/ -static int yyerror(GContentScanner *scanner, yyscan_t yyscanner, GScanRule **built_rule, sized_string_t *tmp_0, sized_string_t *tmp_1, void/*GBytesPattern*/ **built_pattern, char **buf, size_t *allocated, size_t *used, char *msg) +static int yyerror(GContentScanner *scanner, yyscan_t yyscanner, GScanRule **built_rule, sized_string_t *tmp_0, sized_string_t *tmp_1, char *msg) { - printf("YYERROR line %d: %s\n", yyget_lineno(yyscanner), msg); + //printf("YYERROR line %d: %s\n", yyget_lineno(yyscanner), msg); return 0; @@ -1382,10 +1869,6 @@ bool process_rules_definitions(GContentScanner *scanner, const char *text, size_ GScanRule *built_rule; /* Règle en construction */ sized_string_t tmp_0; /* Zone tampon #1 */ sized_string_t tmp_1; /* Zone tampon #2 */ - void /*GBytesPattern*/ *built_pattern; /* Motif en construction */ - char *buf; /* Zone de travail temporaire */ - size_t allocated; /* Taille de mémoire allouée */ - size_t used; /* Quantité utilisée */ yyscan_t lexstate; /* Gestion d'analyse lexicale */ YY_BUFFER_STATE state; /* Contexte d'analyse */ int status; /* Bilan d'une analyse */ @@ -1400,19 +1883,11 @@ bool process_rules_definitions(GContentScanner *scanner, const char *text, size_ tmp_1.data = malloc((length + 1) * sizeof(bin_t)); tmp_1.len = 0; - built_pattern = NULL; - - allocated = 256; - used = 0; - - buf = malloc(allocated * sizeof(char)); - buf[0] = '\0'; - rost_lex_init(&lexstate); state = rost__scan_bytes(text, length, lexstate); - status = yyparse(scanner, lexstate, &built_rule, &tmp_0, &tmp_1, &built_pattern, &buf, &allocated, &used); + status = yyparse(scanner, lexstate, &built_rule, &tmp_0, &tmp_1); result = (status == EXIT_SUCCESS); @@ -1423,7 +1898,7 @@ bool process_rules_definitions(GContentScanner *scanner, const char *text, size_ exit_szstr(&tmp_0); exit_szstr(&tmp_1); - free(buf); + g_clear_object(&built_rule); return result; diff --git a/src/analysis/scan/item-int.h b/src/analysis/scan/item-int.h index 0ec4e46..a04b861 100644 --- a/src/analysis/scan/item-int.h +++ b/src/analysis/scan/item-int.h @@ -33,34 +33,39 @@ /* Indique le nom associé à une expression d'évaluation. */ -typedef char * (* get_registered_item_name_fc) (const GRegisteredItem *); +typedef char * (* get_registered_item_name_fc) (const GScanRegisteredItem *); /* Lance une résolution d'élément à solliciter. */ -typedef bool (* resolve_registered_item_fc) (GRegisteredItem *, const char *, GScanContext *, GScanScope *, GRegisteredItem **); +typedef bool (* resolve_registered_item_fc) (GScanRegisteredItem *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); /* Réduit une expression à une forme plus simple. */ -typedef bool (* reduce_registered_item_fc) (GRegisteredItem *, GScanContext *, GScanScope *, GScanExpression **); +typedef bool (* reduce_registered_item_fc) (GScanRegisteredItem *, GScanContext *, GScanScope *, GScanExpression **); /* Effectue un appel à une fonction enregistrée. */ -typedef bool (* run_registered_item_call_fc) (GRegisteredItem *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); +typedef bool (* run_registered_item_call_fc) (GScanRegisteredItem *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + +/* Effectue une extraction d'élément à partir d'une série. */ +typedef GObject * (* extract_registered_item_at) (GScanRegisteredItem *, GScanExpression *, GScanContext *, GScanScope *); /* Expression d'évaluation généraliste (instance) */ -struct _GRegisteredItem +struct _GScanRegisteredItem { GObject parent; /* A laisser en premier */ }; /* Expression d'évaluation généraliste (classe) */ -struct _GRegisteredItemClass +struct _GScanRegisteredItemClass { GObjectClass parent; /* A laisser en premier */ get_registered_item_name_fc get_name; /* Obtention du nom associé */ + resolve_registered_item_fc resolve; /* Opération de résolution */ reduce_registered_item_fc reduce; /* Opération de réduction */ run_registered_item_call_fc run_call; /* Appel à une fonction connue */ + extract_registered_item_at extract; /* Extraction d'un élément */ }; diff --git a/src/analysis/scan/item.c b/src/analysis/scan/item.c index d819f59..509ad28 100644 --- a/src/analysis/scan/item.c +++ b/src/analysis/scan/item.c @@ -35,16 +35,16 @@ /* Initialise la classe des éléments appelables enregistrés. */ -static void g_registered_item_class_init(GRegisteredItemClass *); +static void g_scan_registered_item_class_init(GScanRegisteredItemClass *); /* Initialise une instance d'élément appelable enregistré. */ -static void g_registered_item_init(GRegisteredItem *); +static void g_scan_registered_item_init(GScanRegisteredItem *); /* Supprime toutes les références externes. */ -static void g_registered_item_dispose(GRegisteredItem *); +static void g_scan_registered_item_dispose(GScanRegisteredItem *); /* Procède à la libération totale de la mémoire. */ -static void g_registered_item_finalize(GRegisteredItem *); +static void g_scan_registered_item_finalize(GScanRegisteredItem *); @@ -54,7 +54,7 @@ static void g_registered_item_finalize(GRegisteredItem *); /* Indique le type défini pour un élément appelable et enregistré. */ -G_DEFINE_TYPE(GRegisteredItem, g_registered_item, G_TYPE_OBJECT); +G_DEFINE_TYPE(GScanRegisteredItem, g_scan_registered_item, G_TYPE_OBJECT); /****************************************************************************** @@ -69,14 +69,14 @@ G_DEFINE_TYPE(GRegisteredItem, g_registered_item, G_TYPE_OBJECT); * * ******************************************************************************/ -static void g_registered_item_class_init(GRegisteredItemClass *klass) +static void g_scan_registered_item_class_init(GScanRegisteredItemClass *klass) { GObjectClass *object; /* Autre version de la classe */ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_registered_item_dispose; - object->finalize = (GObjectFinalizeFunc)g_registered_item_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_registered_item_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_registered_item_finalize; } @@ -93,7 +93,7 @@ static void g_registered_item_class_init(GRegisteredItemClass *klass) * * ******************************************************************************/ -static void g_registered_item_init(GRegisteredItem *item) +static void g_scan_registered_item_init(GScanRegisteredItem *item) { } @@ -111,9 +111,9 @@ static void g_registered_item_init(GRegisteredItem *item) * * ******************************************************************************/ -static void g_registered_item_dispose(GRegisteredItem *item) +static void g_scan_registered_item_dispose(GScanRegisteredItem *item) { - G_OBJECT_CLASS(g_registered_item_parent_class)->dispose(G_OBJECT(item)); + G_OBJECT_CLASS(g_scan_registered_item_parent_class)->dispose(G_OBJECT(item)); } @@ -130,9 +130,9 @@ static void g_registered_item_dispose(GRegisteredItem *item) * * ******************************************************************************/ -static void g_registered_item_finalize(GRegisteredItem *item) +static void g_scan_registered_item_finalize(GScanRegisteredItem *item) { - G_OBJECT_CLASS(g_registered_item_parent_class)->finalize(G_OBJECT(item)); + G_OBJECT_CLASS(g_scan_registered_item_parent_class)->finalize(G_OBJECT(item)); } @@ -149,12 +149,12 @@ static void g_registered_item_finalize(GRegisteredItem *item) * * ******************************************************************************/ -char *g_registered_item_get_name(const GRegisteredItem *item) +char *g_scan_registered_item_get_name(const GScanRegisteredItem *item) { char *result; /* Désignation à retourner */ - GRegisteredItemClass *class; /* Classe à activer */ + GScanRegisteredItemClass *class; /* Classe à activer */ - class = G_REGISTERED_ITEM_GET_CLASS(item); + class = G_SCAN_REGISTERED_ITEM_GET_CLASS(item); result = class->get_name(item); @@ -179,14 +179,14 @@ char *g_registered_item_get_name(const GRegisteredItem *item) * * ******************************************************************************/ -bool g_registered_item_resolve(GRegisteredItem *item, const char *target, GScanContext *ctx, GScanScope *scope, GRegisteredItem **out) +bool g_scan_registered_item_resolve(GScanRegisteredItem *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) { bool result; /* Bilan à retourner */ - GRegisteredItemClass *class; /* Classe à activer */ + GScanRegisteredItemClass *class; /* Classe à activer */ *out = NULL; - class = G_REGISTERED_ITEM_GET_CLASS(item); + class = G_SCAN_REGISTERED_ITEM_GET_CLASS(item); if (class->resolve == NULL) result = false; @@ -221,14 +221,14 @@ bool g_registered_item_resolve(GRegisteredItem *item, const char *target, GScanC * * ******************************************************************************/ -bool g_registered_item_reduce(GRegisteredItem *item, GScanContext *ctx, GScanScope *scope, GScanExpression **out) +bool g_scan_registered_item_reduce(GScanRegisteredItem *item, GScanContext *ctx, GScanScope *scope, GScanExpression **out) { bool result; /* Bilan à retourner */ - GRegisteredItemClass *class; /* Classe à activer */ + GScanRegisteredItemClass *class; /* Classe à activer */ *out = NULL; - class = G_REGISTERED_ITEM_GET_CLASS(item); + class = G_SCAN_REGISTERED_ITEM_GET_CLASS(item); if (class->reduce == NULL) result = false; @@ -265,14 +265,14 @@ bool g_registered_item_reduce(GRegisteredItem *item, GScanContext *ctx, GScanSco * * ******************************************************************************/ -bool g_registered_item_run_call(GRegisteredItem *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) +bool g_scan_registered_item_run_call(GScanRegisteredItem *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) { bool result; /* Bilan à retourner */ - GRegisteredItemClass *class; /* Classe à activer */ + GScanRegisteredItemClass *class; /* Classe à activer */ *out = NULL; - class = G_REGISTERED_ITEM_GET_CLASS(item); + class = G_SCAN_REGISTERED_ITEM_GET_CLASS(item); if (class->run_call == NULL) result = false; @@ -290,3 +290,36 @@ bool g_registered_item_run_call(GRegisteredItem *item, GScanExpression **args, s return result; } + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* index = indice de l'élément à cibler. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* * +* Description : Effectue une extraction d'élément à partir d'une série. * +* * +* Retour : Elément de série obtenu ou NULL si erreur irrécupérable. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GObject *g_scan_registered_item_extract_at(GScanRegisteredItem *item, GScanExpression *index, GScanContext *ctx, GScanScope *scope) +{ + GObject *result; /* Elément récupéré à renvoyer */ + GScanRegisteredItemClass *class; /* Classe à activer */ + + class = G_SCAN_REGISTERED_ITEM_GET_CLASS(item); + + if (class->extract == NULL) + result = NULL; + + else + result = class->extract(item, index, ctx, scope); + + return result; + +} diff --git a/src/analysis/scan/item.h b/src/analysis/scan/item.h index fee1e2c..a6c56c3 100644 --- a/src/analysis/scan/item.h +++ b/src/analysis/scan/item.h @@ -34,35 +34,38 @@ -#define G_TYPE_REGISTERED_ITEM g_registered_item_get_type() -#define G_REGISTERED_ITEM(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_REGISTERED_ITEM, GRegisteredItem)) -#define G_IS_REGISTERED_ITEM(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_REGISTERED_ITEM)) -#define G_REGISTERED_ITEM_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_REGISTERED_ITEM, GRegisteredItemClass)) -#define G_IS_REGISTERED_ITEM_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_REGISTERED_ITEM)) -#define G_REGISTERED_ITEM_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_REGISTERED_ITEM, GRegisteredItemClass)) +#define G_TYPE_SCAN_REGISTERED_ITEM g_scan_registered_item_get_type() +#define G_SCAN_REGISTERED_ITEM(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_REGISTERED_ITEM, GScanRegisteredItem)) +#define G_IS_SCAN_REGISTERED_ITEM(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_REGISTERED_ITEM)) +#define G_SCAN_REGISTERED_ITEM_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_REGISTERED_ITEM, GScanRegisteredItemClass)) +#define G_IS_SCAN_REGISTERED_ITEM_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_REGISTERED_ITEM)) +#define G_SCAN_REGISTERED_ITEM_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_REGISTERED_ITEM, GScanRegisteredItemClass)) /* Expression d'évaluation généraliste (instance) */ -typedef struct _GRegisteredItem GRegisteredItem; +typedef struct _GScanRegisteredItem GScanRegisteredItem; /* Expression d'évaluation généraliste (classe) */ -typedef struct _GRegisteredItemClass GRegisteredItemClass; +typedef struct _GScanRegisteredItemClass GScanRegisteredItemClass; /* Indique le type défini pour un élément appelable et enregistré. */ -GType g_registered_item_get_type(void); +GType g_scan_registered_item_get_type(void); /* Indique le nom associé à une expression d'évaluation. */ -char *g_registered_item_get_name(const GRegisteredItem *); +char *g_scan_registered_item_get_name(const GScanRegisteredItem *); /* Lance une résolution d'élément à solliciter. */ -bool g_registered_item_resolve(GRegisteredItem *, const char *, GScanContext *, GScanScope *, GRegisteredItem **); +bool g_scan_registered_item_resolve(GScanRegisteredItem *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); /* Réduit une expression à une forme plus simple. */ -bool g_registered_item_reduce(GRegisteredItem *, GScanContext *, GScanScope *, GScanExpression **); +bool g_scan_registered_item_reduce(GScanRegisteredItem *, GScanContext *, GScanScope *, GScanExpression **); /* Effectue un appel à une fonction enregistrée. */ -bool g_registered_item_run_call(GRegisteredItem *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); +bool g_scan_registered_item_run_call(GScanRegisteredItem *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + +/* Effectue une extraction d'élément à partir d'une série. */ +GObject *g_scan_registered_item_extract_at(GScanRegisteredItem *, GScanExpression *, GScanContext *, GScanScope *); diff --git a/src/analysis/scan/items/Makefile.am b/src/analysis/scan/items/Makefile.am index 89ae41e..9263c7b 100644 --- a/src/analysis/scan/items/Makefile.am +++ b/src/analysis/scan/items/Makefile.am @@ -14,6 +14,8 @@ endif libanalysisscanitems_la_SOURCES = \ count.h count.c \ datasize.h datasize.c \ + maxcommon.h maxcommon.c \ + modpath.h modpath.c \ uint-int.h \ uint.h uint.c diff --git a/src/analysis/scan/items/console/log.c b/src/analysis/scan/items/console/log.c index 02b6207..90e8f03 100644 --- a/src/analysis/scan/items/console/log.c +++ b/src/analysis/scan/items/console/log.c @@ -66,7 +66,7 @@ static bool g_scan_console_log_function_run_call(GScanConsoleLogFunction *, GSca /* Indique le type défini pour un afficheur de messages arbitraires. */ -G_DEFINE_TYPE(GScanConsoleLogFunction, g_scan_console_log_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanConsoleLogFunction, g_scan_console_log_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanConsoleLogFunction, g_scan_console_log_function, G_TYPE_REGIS static void g_scan_console_log_function_class_init(GScanConsoleLogFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_console_log_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_console_log_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_console_log_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_console_log_function_run_call; diff --git a/src/analysis/scan/items/console/log.h b/src/analysis/scan/items/console/log.h index 3e72ad8..95fc55f 100644 --- a/src/analysis/scan/items/console/log.h +++ b/src/analysis/scan/items/console/log.h @@ -41,10 +41,10 @@ /* Mesure de la quantité de données scannées (instance) */ -typedef GRegisteredItem GScanConsoleLogFunction; +typedef GScanRegisteredItem GScanConsoleLogFunction; /* Mesure de la quantité de données scannées (classe) */ -typedef GRegisteredItemClass GScanConsoleLogFunctionClass; +typedef GScanRegisteredItemClass GScanConsoleLogFunctionClass; /* Indique le type défini pour un afficheur de messages arbitraires. */ diff --git a/src/analysis/scan/items/count.c b/src/analysis/scan/items/count.c index 9040ec4..1d01867 100644 --- a/src/analysis/scan/items/count.c +++ b/src/analysis/scan/items/count.c @@ -64,7 +64,7 @@ static bool g_scan_count_function_run_call(GScanCountFunction *, GScanExpression /* Indique le type défini pour un décompte d'ensemble. */ -G_DEFINE_TYPE(GScanCountFunction, g_scan_count_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanCountFunction, g_scan_count_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -82,14 +82,14 @@ G_DEFINE_TYPE(GScanCountFunction, g_scan_count_function, G_TYPE_REGISTERED_ITEM) static void g_scan_count_function_class_init(GScanCountFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_count_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_count_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_count_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_count_function_run_call; @@ -165,9 +165,9 @@ static void g_scan_count_function_finalize(GScanCountFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_count_function_new(void) +GScanRegisteredItem *g_scan_count_function_new(void) { - GScanCountFunction *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_COUNT_FUNCTION, NULL); @@ -225,17 +225,24 @@ static char *g_scan_count_function_get_name(const GScanCountFunction *item) static bool g_scan_count_function_run_call(GScanCountFunction *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) { bool result; /* Bilan à retourner */ + size_t sum; /* Somme des décomptes */ + size_t i; /* Boucle de parcours */ size_t value; /* Nouveau décompte */ - if (count != 1) - result = false; + result = (count > 0); - else + if (result) { - result = g_scan_expression_count_items(args[0], ctx, &value); + sum = 0; + + for (i = 0; i < count && result; i++) + { + result = g_scan_expression_count_items(args[i], ctx, &value); + sum += value; + } if (result) - *out = G_OBJECT(g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ value })); + *out = G_OBJECT(g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ sum })); } diff --git a/src/analysis/scan/items/count.h b/src/analysis/scan/items/count.h index 2429e40..d83714e 100644 --- a/src/analysis/scan/items/count.h +++ b/src/analysis/scan/items/count.h @@ -41,17 +41,17 @@ /* Mesure de la quantité de données scannées (instance) */ -typedef GRegisteredItem GScanCountFunction; +typedef GScanRegisteredItem GScanCountFunction; /* Mesure de la quantité de données scannées (classe) */ -typedef GRegisteredItemClass GScanCountFunctionClass; +typedef GScanRegisteredItemClass GScanCountFunctionClass; /* Indique le type défini pour un décompte d'ensemble. */ GType g_scan_count_function_get_type(void); /* Constitue une fonction de décompte d'éléments d'un ensemble. */ -GRegisteredItem *g_scan_count_function_new(void); +GScanRegisteredItem *g_scan_count_function_new(void); diff --git a/src/analysis/scan/items/datasize.c b/src/analysis/scan/items/datasize.c index 55e2d3b..11fe649 100644 --- a/src/analysis/scan/items/datasize.c +++ b/src/analysis/scan/items/datasize.c @@ -66,7 +66,7 @@ static bool g_scan_datasize_function_run_call(GScanDatasizeFunction *, GScanExpr /* Indique le type défini pour une mesure de quantité de données scannées. */ -G_DEFINE_TYPE(GScanDatasizeFunction, g_scan_datasize_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanDatasizeFunction, g_scan_datasize_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanDatasizeFunction, g_scan_datasize_function, G_TYPE_REGISTERED static void g_scan_datasize_function_class_init(GScanDatasizeFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_datasize_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_datasize_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_datasize_function_get_name; registered->reduce = (reduce_registered_item_fc)g_scan_datasize_function_reduce; @@ -168,9 +168,9 @@ static void g_scan_datasize_function_finalize(GScanDatasizeFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_datasize_function_new(void) +GScanRegisteredItem *g_scan_datasize_function_new(void) { - GScanDatasizeFunction *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_DATASIZE_FUNCTION, NULL); diff --git a/src/analysis/scan/items/datasize.h b/src/analysis/scan/items/datasize.h index 476df2d..daa71d1 100644 --- a/src/analysis/scan/items/datasize.h +++ b/src/analysis/scan/items/datasize.h @@ -41,17 +41,17 @@ /* Mesure de la quantité de données scannées (instance) */ -typedef GRegisteredItem GScanDatasizeFunction; +typedef GScanRegisteredItem GScanDatasizeFunction; /* Mesure de la quantité de données scannées (classe) */ -typedef GRegisteredItemClass GScanDatasizeFunctionClass; +typedef GScanRegisteredItemClass GScanDatasizeFunctionClass; /* Indique le type défini pour une mesure de quantité de données scannées. */ GType g_scan_datasize_function_get_type(void); /* Constitue une fonction de récupération de taille de données. */ -GRegisteredItem *g_scan_datasize_function_new(void); +GScanRegisteredItem *g_scan_datasize_function_new(void); diff --git a/src/analysis/scan/items/magic/mime-encoding.c b/src/analysis/scan/items/magic/mime-encoding.c index 935515d..aee23ff 100644 --- a/src/analysis/scan/items/magic/mime-encoding.c +++ b/src/analysis/scan/items/magic/mime-encoding.c @@ -64,7 +64,7 @@ static bool g_scan_mime_encoding_function_run_call(GScanMimeEncodingFunction *, /* Indique le type défini pour une reconnaissance d'encodages de contenus. */ -G_DEFINE_TYPE(GScanMimeEncodingFunction, g_scan_mime_encoding_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanMimeEncodingFunction, g_scan_mime_encoding_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -82,14 +82,14 @@ G_DEFINE_TYPE(GScanMimeEncodingFunction, g_scan_mime_encoding_function, G_TYPE_R static void g_scan_mime_encoding_function_class_init(GScanMimeEncodingFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_mime_encoding_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_mime_encoding_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_mime_encoding_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_mime_encoding_function_run_call; @@ -165,9 +165,9 @@ static void g_scan_mime_encoding_function_finalize(GScanMimeEncodingFunction *fu * * ******************************************************************************/ -GRegisteredItem *g_scan_mime_encoding_function_new(void) +GScanRegisteredItem *g_scan_mime_encoding_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_MIME_ENCODING_FUNCTION, NULL); diff --git a/src/analysis/scan/items/magic/mime-encoding.h b/src/analysis/scan/items/magic/mime-encoding.h index 9349d55..45ac241 100644 --- a/src/analysis/scan/items/magic/mime-encoding.h +++ b/src/analysis/scan/items/magic/mime-encoding.h @@ -41,17 +41,17 @@ /* Reconnaissance d'encodages de contenus (instance) */ -typedef GRegisteredItem GScanMimeEncodingFunction; +typedef GScanRegisteredItem GScanMimeEncodingFunction; /* Reconnaissance d'encodages de contenus (classe) */ -typedef GRegisteredItemClass GScanMimeEncodingFunctionClass; +typedef GScanRegisteredItemClass GScanMimeEncodingFunctionClass; /* Indique le type défini pour une reconnaissance d'encodages de contenus. */ GType g_scan_mime_encoding_function_get_type(void); /* Constitue une fonction de cernement d'encodages de contenus. */ -GRegisteredItem *g_scan_mime_encoding_function_new(void); +GScanRegisteredItem *g_scan_mime_encoding_function_new(void); diff --git a/src/analysis/scan/items/magic/mime-type.c b/src/analysis/scan/items/magic/mime-type.c index 95e441d..0635a33 100644 --- a/src/analysis/scan/items/magic/mime-type.c +++ b/src/analysis/scan/items/magic/mime-type.c @@ -64,7 +64,7 @@ static bool g_scan_mime_type_function_run_call(GScanMimeTypeFunction *, GScanExp /* Indique le type défini pour une reconnaissance de types de contenus. */ -G_DEFINE_TYPE(GScanMimeTypeFunction, g_scan_mime_type_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanMimeTypeFunction, g_scan_mime_type_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -82,14 +82,14 @@ G_DEFINE_TYPE(GScanMimeTypeFunction, g_scan_mime_type_function, G_TYPE_REGISTERE static void g_scan_mime_type_function_class_init(GScanMimeTypeFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_mime_type_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_mime_type_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_mime_type_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_mime_type_function_run_call; @@ -165,9 +165,9 @@ static void g_scan_mime_type_function_finalize(GScanMimeTypeFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_mime_type_function_new(void) +GScanRegisteredItem *g_scan_mime_type_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_MIME_TYPE_FUNCTION, NULL); diff --git a/src/analysis/scan/items/magic/mime-type.h b/src/analysis/scan/items/magic/mime-type.h index e02ce0f..f46cd15 100644 --- a/src/analysis/scan/items/magic/mime-type.h +++ b/src/analysis/scan/items/magic/mime-type.h @@ -41,17 +41,17 @@ /* Reconnaissance de types de contenus (instance) */ -typedef GRegisteredItem GScanMimeTypeFunction; +typedef GScanRegisteredItem GScanMimeTypeFunction; /* Reconnaissance de types de contenus (classe) */ -typedef GRegisteredItemClass GScanMimeTypeFunctionClass; +typedef GScanRegisteredItemClass GScanMimeTypeFunctionClass; /* Indique le type défini pour une reconnaissance de types de contenus. */ GType g_scan_mime_type_function_get_type(void); /* Constitue une fonction d'identification de types de contenus. */ -GRegisteredItem *g_scan_mime_type_function_new(void); +GScanRegisteredItem *g_scan_mime_type_function_new(void); diff --git a/src/analysis/scan/items/magic/type.c b/src/analysis/scan/items/magic/type.c index f87c34a..43b16ff 100644 --- a/src/analysis/scan/items/magic/type.c +++ b/src/analysis/scan/items/magic/type.c @@ -64,7 +64,7 @@ static bool g_scan_magic_type_function_run_call(GScanMagicTypeFunction *, GScanE /* Indique le type défini pour une reconnaissance de types de contenus. */ -G_DEFINE_TYPE(GScanMagicTypeFunction, g_scan_magic_type_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanMagicTypeFunction, g_scan_magic_type_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -82,14 +82,14 @@ G_DEFINE_TYPE(GScanMagicTypeFunction, g_scan_magic_type_function, G_TYPE_REGISTE static void g_scan_magic_type_function_class_init(GScanMagicTypeFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_magic_type_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_magic_type_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_magic_type_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_magic_type_function_run_call; @@ -165,9 +165,9 @@ static void g_scan_magic_type_function_finalize(GScanMagicTypeFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_magic_type_function_new(void) +GScanRegisteredItem *g_scan_magic_type_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_MAGIC_TYPE_FUNCTION, NULL); diff --git a/src/analysis/scan/items/magic/type.h b/src/analysis/scan/items/magic/type.h index bfad213..7a26da3 100644 --- a/src/analysis/scan/items/magic/type.h +++ b/src/analysis/scan/items/magic/type.h @@ -41,17 +41,17 @@ /* Reconnaissance de types de contenus (instance) */ -typedef GRegisteredItem GScanMagicTypeFunction; +typedef GScanRegisteredItem GScanMagicTypeFunction; /* Reconnaissance de types de contenus (classe) */ -typedef GRegisteredItemClass GScanMagicTypeFunctionClass; +typedef GScanRegisteredItemClass GScanMagicTypeFunctionClass; /* Indique le type défini pour une reconnaissance de types de contenus. */ GType g_scan_magic_type_function_get_type(void); /* Constitue une fonction d'identification de types de contenus. */ -GRegisteredItem *g_scan_magic_type_function_new(void); +GScanRegisteredItem *g_scan_magic_type_function_new(void); diff --git a/src/analysis/scan/items/math/to_string.c b/src/analysis/scan/items/math/to_string.c index 4bb8363..5debb61 100644 --- a/src/analysis/scan/items/math/to_string.c +++ b/src/analysis/scan/items/math/to_string.c @@ -70,7 +70,7 @@ static bool g_scan_math_to_string_function_run_call(GScanMathToStringFunction *, /* Indique le type défini pour une conversion d'entier en texte. */ -G_DEFINE_TYPE(GScanMathToStringFunction, g_scan_math_to_string_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanMathToStringFunction, g_scan_math_to_string_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -88,14 +88,14 @@ G_DEFINE_TYPE(GScanMathToStringFunction, g_scan_math_to_string_function, G_TYPE_ static void g_scan_math_to_string_function_class_init(GScanMathToStringFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_math_to_string_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_math_to_string_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_math_to_string_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_math_to_string_function_run_call; @@ -171,9 +171,9 @@ static void g_scan_math_to_string_function_finalize(GScanMathToStringFunction *f * * ******************************************************************************/ -GRegisteredItem *g_scan_math_to_string_function_new(void) +GScanRegisteredItem *g_scan_math_to_string_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_MATH_TO_STRING_FUNCTION, NULL); diff --git a/src/analysis/scan/items/math/to_string.h b/src/analysis/scan/items/math/to_string.h index 19f0020..b9213a9 100644 --- a/src/analysis/scan/items/math/to_string.h +++ b/src/analysis/scan/items/math/to_string.h @@ -41,17 +41,17 @@ /* Conversion d'une valeur entière en valeur textuelle (instance) */ -typedef GRegisteredItem GScanMathToStringFunction; +typedef GScanRegisteredItem GScanMathToStringFunction; /* Conversion d'une valeur entière en valeur textuelle (classe) */ -typedef GRegisteredItemClass GScanMathToStringFunctionClass; +typedef GScanRegisteredItemClass GScanMathToStringFunctionClass; /* Indique le type défini pour une conversion d'entier en texte. */ GType g_scan_math_to_string_function_get_type(void); /* Crée une fonction de conversion de valeur entière en texte. */ -GRegisteredItem *g_scan_math_to_string_function_new(void); +GScanRegisteredItem *g_scan_math_to_string_function_new(void); diff --git a/src/analysis/scan/items/maxcommon.c b/src/analysis/scan/items/maxcommon.c new file mode 100644 index 0000000..e8c4db3 --- /dev/null +++ b/src/analysis/scan/items/maxcommon.c @@ -0,0 +1,374 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * maxcommon.c - détermination de la plus grand occurrence au sein d'un ensemble d'éléments + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "maxcommon.h" + + +#include <assert.h> +#include <malloc.h> + + +#include "../item-int.h" +#include "../exprs/literal.h" +#include "../../../glibext/comparison-int.h" + + + +/* ---------------------- INTRODUCTION D'UNE NOUVELLE FONCTION ---------------------- */ + + +/* Initialise la classe des repérages de plus grande occurrence. */ +static void g_scan_maxcommon_function_class_init(GScanMaxcommonFunctionClass *); + +/* Initialise une instance de repérage d'occurrence maximake. */ +static void g_scan_maxcommon_function_init(GScanMaxcommonFunction *); + +/* Supprime toutes les références externes. */ +static void g_scan_maxcommon_function_dispose(GScanMaxcommonFunction *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_maxcommon_function_finalize(GScanMaxcommonFunction *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Indique le nom associé à une expression d'évaluation. */ +static char *g_scan_maxcommon_function_get_name(const GScanMaxcommonFunction *); + +/* Réduit une expression à une forme plus simple. */ +static bool g_scan_maxcommon_function_run_call(GScanMaxcommonFunction *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + + + +/* ---------------------------------------------------------------------------------- */ +/* INTRODUCTION D'UNE NOUVELLE FONCTION */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour un décompte d'élément le plus représenté dans une série. */ +G_DEFINE_TYPE(GScanMaxcommonFunction, g_scan_maxcommon_function, G_TYPE_SCAN_REGISTERED_ITEM); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des repérages de plus grande occurrence.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_maxcommon_function_class_init(GScanMaxcommonFunctionClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_maxcommon_function_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_maxcommon_function_finalize; + + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); + + registered->get_name = (get_registered_item_name_fc)g_scan_maxcommon_function_get_name; + registered->run_call = (run_registered_item_call_fc)g_scan_maxcommon_function_run_call; + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance à initialiser. * +* * +* Description : Initialise une instance de repérage d'occurrence maximake. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_maxcommon_function_init(GScanMaxcommonFunction *func) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_maxcommon_function_dispose(GScanMaxcommonFunction *func) +{ + G_OBJECT_CLASS(g_scan_maxcommon_function_parent_class)->dispose(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_maxcommon_function_finalize(GScanMaxcommonFunction *func) +{ + G_OBJECT_CLASS(g_scan_maxcommon_function_parent_class)->finalize(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Constitue une fonction de calcul de plus grande occurrence. * +* * +* Retour : Fonction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanRegisteredItem *g_scan_maxcommon_function_new(void) +{ + GScanRegisteredItem *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_MAXCOMMON_FUNCTION, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_maxcommon_function_get_name(const GScanMaxcommonFunction *item) +{ + char *result; /* Désignation à retourner */ + + result = strdup("maxcommon"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* args = liste d'éventuels arguments fournis. * +* count = taille de cette liste. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Réduction correspondante, expression déjà réduite, ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_maxcommon_function_run_call(GScanMaxcommonFunction *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) +{ + bool result; /* Bilan à retourner */ + size_t used; /* Prochain emplacement libre */ + GScanExpression **collected; /* Représentants de groupes */ + size_t *scores; /* Taille de ces groupes */ + size_t i; /* Boucle de parcours #1 */ + size_t k; /* Boucle de parcours #2 */ + bool status; /* Bilan de la comparaison */ + bool equal; /* Egalité établie ? */ + size_t arg0_count; /* Taille de l'argument unique */ + GScanExpression *arg0_item; /* Elément de cet argument */ + size_t best; /* Meilleur score identifié */ + + result = (count > 0); + if (!result) goto exit; + + used = 0; + + /* Si la série à étudier est directement fournie */ + if (count > 1) + { + collected = malloc(count * sizeof(GScanExpression *)); + scores = malloc(count * sizeof(size_t)); + + for (i = 0; i < count; i++) + { + for (k = 0; k < used; k++) + { + status = g_comparable_item_compare_rich(G_COMPARABLE_ITEM(args[i]), + G_COMPARABLE_ITEM(collected[k]), + RCO_EQ, &equal); + + if (status && equal) + break; + + } + + if (k < used) + scores[k]++; + + else + { + collected[used] = args[i]; + g_object_ref(G_OBJECT(args[i])); + scores[used] = 1; + + used++; + + } + + } + + } + + /* Sinon on considère que l'arguement unique porte la liste (idéalement) */ + else + { + if (G_IS_SCAN_LITERAL_EXPRESSION(args[0]) || !g_scan_expression_handle_set_features(args[0])) + { + best = 1; + goto quick_unique; + } + +#ifndef NDEBUG + g_scan_expression_count_items(args[0], ctx, &arg0_count); +#else + status = g_scan_expression_count_items(args[0], ctx, &arg0_count); + assert(status); +#endif + + collected = malloc(arg0_count * sizeof(GScanExpression *)); + scores = malloc(arg0_count * sizeof(size_t)); + + if (arg0_count == 0) + { + best = 0; + goto quick_empty; + } + + for (i = 0; i < arg0_count; i++) + { +#ifndef NDEBUG + g_scan_expression_get_item(args[0], i, ctx, &arg0_item); +#else + status = g_scan_expression_get_item(args[0], i, ctx, &arg0_item); + assert(status); +#endif + + for (k = 0; k < used; k++) + { + status = g_comparable_item_compare_rich(G_COMPARABLE_ITEM(arg0_item), + G_COMPARABLE_ITEM(collected[k]), + RCO_EQ, &equal); + + if (status && equal) + break; + + } + + if (k < used) + { + g_object_unref(G_OBJECT(arg0_item)); + scores[k]++; + } + + else + { + collected[used] = arg0_item; + scores[used] = 1; + + used++; + + } + + } + + } + + /* Analyse des résultats */ + + best = 0; + + for (i = 0; i < used; i++) + if (scores[i] > best) + best = scores[i]; + + for (i = 0; i < used; i++) + g_object_unref(G_OBJECT(collected[i])); + + free(collected); + free(scores); + + quick_unique: + + assert(best > 0); + + quick_empty: + + *out = G_OBJECT(g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ best })); + + exit: + + return result; + +} diff --git a/src/analysis/scan/items/maxcommon.h b/src/analysis/scan/items/maxcommon.h new file mode 100644 index 0000000..a834c00 --- /dev/null +++ b/src/analysis/scan/items/maxcommon.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * maxcommon.h - prototypes pour la détermination de la plus grand occurrence au sein d'un ensemble d'éléments + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_ITEMS_MAXCOMMON_H +#define _ANALYSIS_SCAN_ITEMS_MAXCOMMON_H + + +#include <glib-object.h> + + +#include "../item.h" + + + +#define G_TYPE_SCAN_MAXCOMMON_FUNCTION g_scan_maxcommon_function_get_type() +#define G_SCAN_MAXCOMMON_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MAXCOMMON_FUNCTION, GScanMaxcommonFunction)) +#define G_IS_SCAN_MAXCOMMON_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MAXCOMMON_FUNCTION)) +#define G_SCAN_MAXCOMMON_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MAXCOMMON_FUNCTION, GScanMaxcommonFunctionClass)) +#define G_IS_SCAN_MAXCOMMON_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MAXCOMMON_FUNCTION)) +#define G_SCAN_MAXCOMMON_FUNCTION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MAXCOMMON_FUNCTION, GScanMaxcommonFunctionClass)) + + +/* Détermination de la plus grand occurrence au sein d'un ensemble (instance) */ +typedef GScanRegisteredItem GScanMaxcommonFunction; + +/* Détermination de la plus grand occurrence au sein d'un ensemble (classe) */ +typedef GScanRegisteredItemClass GScanMaxcommonFunctionClass; + + +/* Indique le type défini pour un décompte d'élément le plus représenté dans une série. */ +GType g_scan_maxcommon_function_get_type(void); + +/* Constitue une fonction de calcul de plus grande occurrence. */ +GScanRegisteredItem *g_scan_maxcommon_function_new(void); + + + +#endif /* _ANALYSIS_SCAN_ITEMS_MAXCOMMON_H */ diff --git a/src/analysis/scan/items/modpath.c b/src/analysis/scan/items/modpath.c new file mode 100644 index 0000000..62d3387 --- /dev/null +++ b/src/analysis/scan/items/modpath.c @@ -0,0 +1,306 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * modpath.c - récupération des combinaisons de modification de motifs + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "modpath.h" + + +#include "../item-int.h" + + +#include "../exprs/handler.h" +#include "../exprs/literal.h" +#include "../exprs/set.h" +#include "../matches/bytes.h" + + + +/* ---------------------- INTRODUCTION D'UNE NOUVELLE FONCTION ---------------------- */ + + +/* Initialise la classe des énumérations de formules de motifs. */ +static void g_scan_modpath_function_class_init(GScanModpathFunctionClass *); + +/* Initialise une instance d'énumération de formules de motifs. */ +static void g_scan_modpath_function_init(GScanModpathFunction *); + +/* Supprime toutes les références externes. */ +static void g_scan_modpath_function_dispose(GScanModpathFunction *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_modpath_function_finalize(GScanModpathFunction *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Indique le nom associé à une expression d'évaluation. */ +static char *g_scan_modpath_function_get_name(const GScanModpathFunction *); + +/* Réduit une expression à une forme plus simple. */ +static bool g_scan_modpath_function_run_call(GScanModpathFunction *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + + + +/* ---------------------------------------------------------------------------------- */ +/* INTRODUCTION D'UNE NOUVELLE FONCTION */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une énumération de formules créant des motifs. */ +G_DEFINE_TYPE(GScanModpathFunction, g_scan_modpath_function, G_TYPE_SCAN_REGISTERED_ITEM); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des énumérations de formules de motifs. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modpath_function_class_init(GScanModpathFunctionClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_modpath_function_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_modpath_function_finalize; + + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); + + registered->get_name = (get_registered_item_name_fc)g_scan_modpath_function_get_name; + registered->run_call = (run_registered_item_call_fc)g_scan_modpath_function_run_call; + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance à initialiser. * +* * +* Description : Initialise une instance d'énumération de formules de motifs. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modpath_function_init(GScanModpathFunction *func) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modpath_function_dispose(GScanModpathFunction *func) +{ + G_OBJECT_CLASS(g_scan_modpath_function_parent_class)->dispose(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modpath_function_finalize(GScanModpathFunction *func) +{ + G_OBJECT_CLASS(g_scan_modpath_function_parent_class)->finalize(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Constitue une fonction d'énumération des formules de motifs. * +* * +* Retour : Fonction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanRegisteredItem *g_scan_modpath_function_new(void) +{ + GScanRegisteredItem *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_MODPATH_FUNCTION, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_modpath_function_get_name(const GScanModpathFunction *item) +{ + char *result; /* Désignation à retourner */ + + result = strdup("modpath"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* args = liste d'éventuels arguments fournis. * +* count = taille de cette liste. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Réduction correspondante, expression déjà réduite, ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_modpath_function_run_call(GScanModpathFunction *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) +{ + + return false; + +#if 0 /* FIXME */ + + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours #1 */ + size_t mcount; /* Quantité de correspondances */ + GScanMatch **matches; /* Correspondances établies */ + size_t k; /* Boucle de parcours #2 */ + sized_string_t path; /* Combinaison à conserver */ + GScanExpression *subitem; /* Nouvel élément à transmettre*/ + + /* Validation préalable du type des arguments */ + + result = true; + + for (i = 0; i < count && result; i++) + result = G_IS_SCAN_PATTERN_HANDLER(args[i]); + + if (!result) + goto exit; + + /* Construction des chemins attendus */ + + *out = G_OBJECT(g_scan_generic_set_new()); + + for (i = 0; i < count; i++) + { + matches = g_scan_pattern_handler_get_all_matches(G_SCAN_PATTERN_HANDLER(args[i]), ctx, &mcount); + if (mcount == 0) continue; + + /** + * La série est à priori constituée d'éléments de même type, donc + * un test unique suffit. + */ + if (!G_IS_SCAN_BYTES_MATCH(matches[0])) + { + for (k = 0; k < mcount; k++) + g_object_unref(G_OBJECT(matches[k])); + } + + else + { + for (k = 0; k < mcount; k++) + { + path.data = g_scan_bytes_match_get_modifier_path(G_SCAN_BYTES_MATCH(matches[k])); + if (path.data == NULL) continue; + + path.len = strlen(path.data); + + subitem = g_scan_literal_expression_new(LVT_STRING, &path); + + g_scan_generic_set_add_item(G_SCAN_GENERIC_SET(*out), subitem); + + g_object_unref(G_OBJECT(subitem)); + + exit_szstr(&path); + + g_object_unref(G_OBJECT(matches[k])); + + } + + } + + free(matches); + + } + + exit: + + return result; + +#endif + +} diff --git a/src/analysis/scan/items/modpath.h b/src/analysis/scan/items/modpath.h new file mode 100644 index 0000000..3a78ef7 --- /dev/null +++ b/src/analysis/scan/items/modpath.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * modpath.h - prototypes pour la récupération des combinaisons de modification de motifs + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_ITEMS_MODPATH_H +#define _ANALYSIS_SCAN_ITEMS_MODPATH_H + + +#include <glib-object.h> + + +#include "../item.h" + + + +#define G_TYPE_SCAN_MODPATH_FUNCTION g_scan_modpath_function_get_type() +#define G_SCAN_MODPATH_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MODPATH_FUNCTION, GScanModpathFunction)) +#define G_IS_SCAN_MODPATH_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MODPATH_FUNCTION)) +#define G_SCAN_MODPATH_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MODPATH_FUNCTION, GScanModpathFunctionClass)) +#define G_IS_SCAN_MODPATH_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MODPATH_FUNCTION)) +#define G_SCAN_MODPATH_FUNCTION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MODPATH_FUNCTION, GScanModpathFunctionClass)) + + +/* Récupération de formules à l'origine de la construction de motifs (instance) */ +typedef GScanRegisteredItem GScanModpathFunction; + +/* Récupération de formules à l'origine de la construction de motifs (classe) */ +typedef GScanRegisteredItemClass GScanModpathFunctionClass; + + +/* Indique le type défini pour une énumération de formules créant des motifs. */ +GType g_scan_modpath_function_get_type(void); + +/* Constitue une fonction d'énumération des formules de motifs. */ +GScanRegisteredItem *g_scan_modpath_function_new(void); + + + +#endif /* _ANALYSIS_SCAN_ITEMS_MODPATH_H */ diff --git a/src/analysis/scan/items/string/Makefile.am b/src/analysis/scan/items/string/Makefile.am index c9ce6a3..6f8d6c5 100644 --- a/src/analysis/scan/items/string/Makefile.am +++ b/src/analysis/scan/items/string/Makefile.am @@ -5,7 +5,8 @@ noinst_LTLIBRARIES = libanalysisscanitemsstring.la libanalysisscanitemsstring_la_SOURCES = \ lower.h lower.c \ to_int.h to_int.c \ - upper.h upper.c + upper.h upper.c \ + wide.h wide.c libanalysisscanitemsstring_la_CFLAGS = $(LIBGOBJ_CFLAGS) diff --git a/src/analysis/scan/items/string/lower.c b/src/analysis/scan/items/string/lower.c index be8b133..241d87a 100644 --- a/src/analysis/scan/items/string/lower.c +++ b/src/analysis/scan/items/string/lower.c @@ -66,7 +66,7 @@ static bool g_scan_string_lower_function_run_call(GScanStringLowerFunction *, GS /* Indique le type défini pour une bascule de la casse d'une suite de caractères. */ -G_DEFINE_TYPE(GScanStringLowerFunction, g_scan_string_lower_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanStringLowerFunction, g_scan_string_lower_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanStringLowerFunction, g_scan_string_lower_function, G_TYPE_REG static void g_scan_string_lower_function_class_init(GScanStringLowerFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_string_lower_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_string_lower_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_string_lower_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_string_lower_function_run_call; @@ -167,9 +167,9 @@ static void g_scan_string_lower_function_finalize(GScanStringLowerFunction *func * * ******************************************************************************/ -GRegisteredItem *g_scan_string_lower_function_new(void) +GScanRegisteredItem *g_scan_string_lower_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_STRING_LOWER_FUNCTION, NULL); diff --git a/src/analysis/scan/items/string/lower.h b/src/analysis/scan/items/string/lower.h index f844a65..b9eb00a 100644 --- a/src/analysis/scan/items/string/lower.h +++ b/src/analysis/scan/items/string/lower.h @@ -41,17 +41,17 @@ /* Bascule d'une suite de caractères en minuscules (instance) */ -typedef GRegisteredItem GScanStringLowerFunction; +typedef GScanRegisteredItem GScanStringLowerFunction; /* Bascule d'une suite de caractères en minuscules (classe) */ -typedef GRegisteredItemClass GScanStringLowerFunctionClass; +typedef GScanRegisteredItemClass GScanStringLowerFunctionClass; /* Indique le type défini pour une bascule de la casse d'une suite de caractères. */ GType g_scan_string_lower_function_get_type(void); /* Constitue une fonction de bascule de lettres en minuscules. */ -GRegisteredItem *g_scan_string_lower_function_new(void); +GScanRegisteredItem *g_scan_string_lower_function_new(void); diff --git a/src/analysis/scan/items/string/to_int.c b/src/analysis/scan/items/string/to_int.c index 8031d4d..150fd06 100644 --- a/src/analysis/scan/items/string/to_int.c +++ b/src/analysis/scan/items/string/to_int.c @@ -66,7 +66,7 @@ static bool g_scan_string_to_int_function_run_call(GScanStringToIntFunction *, G /* Indique le type défini pour une conversion de texte en entier. */ -G_DEFINE_TYPE(GScanStringToIntFunction, g_scan_string_to_int_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanStringToIntFunction, g_scan_string_to_int_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanStringToIntFunction, g_scan_string_to_int_function, G_TYPE_RE static void g_scan_string_to_int_function_class_init(GScanStringToIntFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_string_to_int_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_string_to_int_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_string_to_int_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_string_to_int_function_run_call; @@ -167,9 +167,9 @@ static void g_scan_string_to_int_function_finalize(GScanStringToIntFunction *fun * * ******************************************************************************/ -GRegisteredItem *g_scan_string_to_int_function_new(void) +GScanRegisteredItem *g_scan_string_to_int_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_STRING_TO_INT_FUNCTION, NULL); diff --git a/src/analysis/scan/items/string/to_int.h b/src/analysis/scan/items/string/to_int.h index 143da44..ffd971b 100644 --- a/src/analysis/scan/items/string/to_int.h +++ b/src/analysis/scan/items/string/to_int.h @@ -41,17 +41,17 @@ /* Conversion d'une valeur textuelle en valeur entière (instance) */ -typedef GRegisteredItem GScanStringToIntFunction; +typedef GScanRegisteredItem GScanStringToIntFunction; /* Conversion d'une valeur textuelle en valeur entière (classe) */ -typedef GRegisteredItemClass GScanStringToIntFunctionClass; +typedef GScanRegisteredItemClass GScanStringToIntFunctionClass; /* Indique le type défini pour une conversion de texte en entier. */ GType g_scan_string_to_int_function_get_type(void); /* Crée une fonction de conversion de texte en valeur entière. */ -GRegisteredItem *g_scan_string_to_int_function_new(void); +GScanRegisteredItem *g_scan_string_to_int_function_new(void); diff --git a/src/analysis/scan/items/string/upper.c b/src/analysis/scan/items/string/upper.c index 2ddd0dc..d09ae00 100644 --- a/src/analysis/scan/items/string/upper.c +++ b/src/analysis/scan/items/string/upper.c @@ -66,7 +66,7 @@ static bool g_scan_string_upper_function_run_call(GScanStringUpperFunction *, GS /* Indique le type défini pour une bascule de la casse d'une suite de caractères. */ -G_DEFINE_TYPE(GScanStringUpperFunction, g_scan_string_upper_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanStringUpperFunction, g_scan_string_upper_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanStringUpperFunction, g_scan_string_upper_function, G_TYPE_REG static void g_scan_string_upper_function_class_init(GScanStringUpperFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_string_upper_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_string_upper_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_string_upper_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_string_upper_function_run_call; @@ -167,9 +167,9 @@ static void g_scan_string_upper_function_finalize(GScanStringUpperFunction *func * * ******************************************************************************/ -GRegisteredItem *g_scan_string_upper_function_new(void) +GScanRegisteredItem *g_scan_string_upper_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_STRING_UPPER_FUNCTION, NULL); diff --git a/src/analysis/scan/items/string/upper.h b/src/analysis/scan/items/string/upper.h index 4f6e4bc..4fdeb09 100644 --- a/src/analysis/scan/items/string/upper.h +++ b/src/analysis/scan/items/string/upper.h @@ -41,17 +41,17 @@ /* Bascule d'une suite de caractères en majuscules (instance) */ -typedef GRegisteredItem GScanStringUpperFunction; +typedef GScanRegisteredItem GScanStringUpperFunction; /* Bascule d'une suite de caractères en majuscules (classe) */ -typedef GRegisteredItemClass GScanStringUpperFunctionClass; +typedef GScanRegisteredItemClass GScanStringUpperFunctionClass; /* Indique le type défini pour une bascule de la casse d'une suite de caractères. */ GType g_scan_string_upper_function_get_type(void); /* Constitue une fonction de bascule de lettres en majuscules. */ -GRegisteredItem *g_scan_string_upper_function_new(void); +GScanRegisteredItem *g_scan_string_upper_function_new(void); diff --git a/src/analysis/scan/items/string/wide.c b/src/analysis/scan/items/string/wide.c new file mode 100644 index 0000000..378f21c --- /dev/null +++ b/src/analysis/scan/items/string/wide.c @@ -0,0 +1,270 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * wide.c - bascule de texte ASCII en UTF-16 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "wide.h" + + +#include <ctype.h> + + +#include "../../item-int.h" +#include "../../exprs/literal.h" + + + +/* ---------------------- INTRODUCTION D'UNE NOUVELLE FONCTION ---------------------- */ + + +/* Initialise la classe des bascules de texte ASCII en UTF-16. */ +static void g_scan_string_wide_function_class_init(GScanStringWideFunctionClass *); + +/* Initialise une instance de bascule de texte ASCII en UTF-16. */ +static void g_scan_string_wide_function_init(GScanStringWideFunction *); + +/* Supprime toutes les références externes. */ +static void g_scan_string_wide_function_dispose(GScanStringWideFunction *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_string_wide_function_finalize(GScanStringWideFunction *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Indique le nom associé à une expression d'évaluation. */ +static char *g_scan_string_wide_function_get_name(const GScanStringWideFunction *); + +/* Réduit une expression à une forme plus simple. */ +static bool g_scan_string_wide_function_run_call(GScanStringWideFunction *, GScanExpression **, size_t, GScanContext *, GScanScope *, GObject **); + + + +/* ---------------------------------------------------------------------------------- */ +/* INTRODUCTION D'UNE NOUVELLE FONCTION */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une bascule de texte ASCII en UTF-16. */ +G_DEFINE_TYPE(GScanStringWideFunction, g_scan_string_wide_function, G_TYPE_SCAN_REGISTERED_ITEM); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des bascules de texte ASCII en UTF-16. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_string_wide_function_class_init(GScanStringWideFunctionClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_string_wide_function_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_string_wide_function_finalize; + + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); + + registered->get_name = (get_registered_item_name_fc)g_scan_string_wide_function_get_name; + registered->run_call = (run_registered_item_call_fc)g_scan_string_wide_function_run_call; + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance à initialiser. * +* * +* Description : Initialise une instance de bascule de texte ASCII en UTF-16. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_string_wide_function_init(GScanStringWideFunction *func) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_string_wide_function_dispose(GScanStringWideFunction *func) +{ + G_OBJECT_CLASS(g_scan_string_wide_function_parent_class)->dispose(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : func = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_string_wide_function_finalize(GScanStringWideFunction *func) +{ + G_OBJECT_CLASS(g_scan_string_wide_function_parent_class)->finalize(G_OBJECT(func)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Constitue une fonction de bascule de texte ASCII en UTF-16. * +* * +* Retour : Fonction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanRegisteredItem *g_scan_string_wide_function_new(void) +{ + GScanRegisteredItem *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_STRING_WIDE_FUNCTION, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* * +* Description : Indique le nom associé à une expression d'évaluation. * +* * +* Retour : Désignation humaine de l'expression d'évaluation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_string_wide_function_get_name(const GScanStringWideFunction *item) +{ + char *result; /* Désignation à retourner */ + + result = strdup("wide"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = élément d'appel à consulter. * +* args = liste d'éventuels arguments fournis. * +* count = taille de cette liste. * +* ctx = contexte de suivi de l'analyse courante. * +* scope = portée courante des variables locales. * +* out = zone d'enregistrement de la résolution opérée. [OUT] * +* * +* Description : Réduit une expression à une forme plus simple. * +* * +* Retour : Réduction correspondante, expression déjà réduite, ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_string_wide_function_run_call(GScanStringWideFunction *item, GScanExpression **args, size_t count, GScanContext *ctx, GScanScope *scope, GObject **out) +{ + bool result; /* Bilan à retourner */ + GScanLiteralExpression *literal; /* Version plus accessible */ + LiteralValueType vtype; /* Type de valeur portée */ + const sized_string_t *string; /* Description du chaîne */ + sized_string_t new; /* Description transformée */ + size_t i; /* Boucle de parcours */ + + /* Validation des arguments */ + + result = (count == 1); + if (!result) goto exit; + + result = G_IS_SCAN_LITERAL_EXPRESSION(args[0]); + if (!result) goto exit; + + literal = G_SCAN_LITERAL_EXPRESSION(args[0]); + + vtype = g_scan_literal_expression_get_value_type(literal); + + result = (vtype == LVT_STRING); + if (!result) goto exit; + + result = g_scan_literal_expression_get_string_value(literal, &string); + if (!result) goto exit; + + /* Réalisation de l'opération attendue */ + + new.len = string->len * 2; + new.data = calloc(new.len, sizeof(bin_t)); + + for (i = 0; i < string->len; i++) + new.data[i * 2] = string->data[i]; + + *out = G_OBJECT(g_scan_literal_expression_new(LVT_STRING, &new)); + + exit_szstr(&new); + + exit: + + return result; + +} diff --git a/src/analysis/scan/items/string/wide.h b/src/analysis/scan/items/string/wide.h new file mode 100644 index 0000000..65195bd --- /dev/null +++ b/src/analysis/scan/items/string/wide.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * wide.h - prototypes pour la bascule de texte ASCII en UTF-16 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_ITEMS_STRING_WIDE_H +#define _ANALYSIS_SCAN_ITEMS_STRING_WIDE_H + + +#include <glib-object.h> + + +#include "../../item.h" + + + +#define G_TYPE_SCAN_STRING_WIDE_FUNCTION g_scan_string_wide_function_get_type() +#define G_SCAN_STRING_WIDE_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_STRING_WIDE_FUNCTION, GScanStringWideFunction)) +#define G_IS_SCAN_STRING_WIDE_FUNCTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_STRING_WIDE_FUNCTION)) +#define G_SCAN_STRING_WIDE_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_STRING_WIDE_FUNCTION, GScanStringWideFunctionClass)) +#define G_IS_SCAN_STRING_WIDE_FUNCTION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_STRING_WIDE_FUNCTION)) +#define G_SCAN_STRING_WIDE_FUNCTION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_STRING_WIDE_FUNCTION, GScanStringWideFunctionClass)) + + +/* Bascule d'une suite de texte ASCII en UTF-16 (instance) */ +typedef GScanRegisteredItem GScanStringWideFunction; + +/* Bascule d'une suite de texte ASCII en UTF-16 (classe) */ +typedef GScanRegisteredItemClass GScanStringWideFunctionClass; + + +/* Indique le type défini pour une bascule de texte ASCII en UTF-16. */ +GType g_scan_string_wide_function_get_type(void); + +/* Constitue une fonction de bascule de texte ASCII en UTF-16. */ +GScanRegisteredItem *g_scan_string_wide_function_new(void); + + + +#endif /* _ANALYSIS_SCAN_ITEMS_STRING_WIDE_H */ diff --git a/src/analysis/scan/items/time/make.c b/src/analysis/scan/items/time/make.c index 477a77c..e7330a3 100644 --- a/src/analysis/scan/items/time/make.c +++ b/src/analysis/scan/items/time/make.c @@ -67,7 +67,7 @@ static bool g_scan_time_make_function_run_call(GScanTimeMakeFunction *, GScanExp /* Indique le type défini pour une conversion de date en nombre de secondes. */ -G_DEFINE_TYPE(GScanTimeMakeFunction, g_scan_time_make_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanTimeMakeFunction, g_scan_time_make_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -85,14 +85,14 @@ G_DEFINE_TYPE(GScanTimeMakeFunction, g_scan_time_make_function, G_TYPE_REGISTERE static void g_scan_time_make_function_class_init(GScanTimeMakeFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_time_make_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_time_make_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_time_make_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_time_make_function_run_call; @@ -168,9 +168,9 @@ static void g_scan_time_make_function_finalize(GScanTimeMakeFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_time_make_function_new(void) +GScanRegisteredItem *g_scan_time_make_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_TIME_MAKE_FUNCTION, NULL); diff --git a/src/analysis/scan/items/time/make.h b/src/analysis/scan/items/time/make.h index 958a392..f4be276 100644 --- a/src/analysis/scan/items/time/make.h +++ b/src/analysis/scan/items/time/make.h @@ -41,17 +41,17 @@ /* Convertisseur de date en nombre de secondes depuis le 01/01/1970 (instance) */ -typedef GRegisteredItem GScanTimeMakeFunction; +typedef GScanRegisteredItem GScanTimeMakeFunction; /* Convertisseur de date en nombre de secondes depuis le 01/01/1970 (classe) */ -typedef GRegisteredItemClass GScanTimeMakeFunctionClass; +typedef GScanRegisteredItemClass GScanTimeMakeFunctionClass; /* Indique le type défini pour une conversion de date en nombre de secondes. */ GType g_scan_time_make_function_get_type(void); /* Constitue une fonction de décompte du temps écoulé. */ -GRegisteredItem *g_scan_time_make_function_new(void); +GScanRegisteredItem *g_scan_time_make_function_new(void); diff --git a/src/analysis/scan/items/time/now.c b/src/analysis/scan/items/time/now.c index 16c4aef..7f8b627 100644 --- a/src/analysis/scan/items/time/now.c +++ b/src/analysis/scan/items/time/now.c @@ -66,7 +66,7 @@ static bool g_scan_time_now_function_run_call(GScanTimeNowFunction *, GScanExpre /* Indique le type défini pour un décompte de secondes écoulées depuis le 01/01/1970. */ -G_DEFINE_TYPE(GScanTimeNowFunction, g_scan_time_now_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanTimeNowFunction, g_scan_time_now_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +84,14 @@ G_DEFINE_TYPE(GScanTimeNowFunction, g_scan_time_now_function, G_TYPE_REGISTERED_ static void g_scan_time_now_function_class_init(GScanTimeNowFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_time_now_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_time_now_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_time_now_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_time_now_function_run_call; @@ -167,9 +167,9 @@ static void g_scan_time_now_function_finalize(GScanTimeNowFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_time_now_function_new(void) +GScanRegisteredItem *g_scan_time_now_function_new(void) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_TIME_NOW_FUNCTION, NULL); diff --git a/src/analysis/scan/items/time/now.h b/src/analysis/scan/items/time/now.h index 6b3faa2..73ed52a 100644 --- a/src/analysis/scan/items/time/now.h +++ b/src/analysis/scan/items/time/now.h @@ -41,17 +41,17 @@ /* Décompte du nombre de seccondes écoulées depuis le 01/01/1970 (instance) */ -typedef GRegisteredItem GScanTimeNowFunction; +typedef GScanRegisteredItem GScanTimeNowFunction; /* Décompte du nombre de seccondes écoulées depuis le 01/01/1970 (classe) */ -typedef GRegisteredItemClass GScanTimeNowFunctionClass; +typedef GScanRegisteredItemClass GScanTimeNowFunctionClass; /* Indique le type défini pour un décompte de secondes écoulées depuis le 01/01/1970. */ GType g_scan_time_now_function_get_type(void); /* Constitue une fonction de décompte du temps écoulé. */ -GRegisteredItem *g_scan_time_now_function_new(void); +GScanRegisteredItem *g_scan_time_now_function_new(void); diff --git a/src/analysis/scan/items/uint-int.h b/src/analysis/scan/items/uint-int.h index 972d7a0..49050e6 100644 --- a/src/analysis/scan/items/uint-int.h +++ b/src/analysis/scan/items/uint-int.h @@ -35,7 +35,7 @@ /* Fonction conduisant à la lecture d'un mot (instance) */ struct _GScanUintFunction { - GRegisteredItem parent; /* A laisser en premier */ + GScanRegisteredItem parent; /* A laisser en premier */ MemoryDataSize size; /* Taille du mot à lire */ SourceEndian endian; /* Boutisme à respecter */ @@ -45,7 +45,7 @@ struct _GScanUintFunction /* Fonction conduisant à la lecture d'un mot (classe) */ struct _GScanUintFunctionClass { - GRegisteredItemClass parent; /* A laisser en premier */ + GScanRegisteredItemClass parent; /* A laisser en premier */ }; diff --git a/src/analysis/scan/items/uint.c b/src/analysis/scan/items/uint.c index 66c7fa9..8060aca 100644 --- a/src/analysis/scan/items/uint.c +++ b/src/analysis/scan/items/uint.c @@ -67,7 +67,7 @@ static bool g_scan_uint_function_run_call(GScanUintFunction *, GScanExpression * /* Indique le type défini pour une lecture de mot à partir de données binaires. */ -G_DEFINE_TYPE(GScanUintFunction, g_scan_uint_function, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanUintFunction, g_scan_uint_function, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -85,14 +85,14 @@ G_DEFINE_TYPE(GScanUintFunction, g_scan_uint_function, G_TYPE_REGISTERED_ITEM); static void g_scan_uint_function_class_init(GScanUintFunctionClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_uint_function_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_uint_function_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_uint_function_get_name; registered->run_call = (run_registered_item_call_fc)g_scan_uint_function_run_call; @@ -170,9 +170,9 @@ static void g_scan_uint_function_finalize(GScanUintFunction *func) * * ******************************************************************************/ -GRegisteredItem *g_scan_uint_function_new(MemoryDataSize size, SourceEndian endian) +GScanRegisteredItem *g_scan_uint_function_new(MemoryDataSize size, SourceEndian endian) { - GRegisteredItem *result; /* Structure à retourner */ + GScanRegisteredItem *result; /* Structure à retourner */ result = g_object_new(G_TYPE_SCAN_UINT_FUNCTION, NULL); diff --git a/src/analysis/scan/items/uint.h b/src/analysis/scan/items/uint.h index abc2231..d3dd3cb 100644 --- a/src/analysis/scan/items/uint.h +++ b/src/analysis/scan/items/uint.h @@ -52,7 +52,7 @@ typedef struct _GScanUintFunctionClass GScanUintFunctionClass; GType g_scan_uint_function_get_type(void); /* Constitue une fonction de lecture de valeur entière. */ -GRegisteredItem *g_scan_uint_function_new(MemoryDataSize, SourceEndian); +GScanRegisteredItem *g_scan_uint_function_new(MemoryDataSize, SourceEndian); diff --git a/src/analysis/scan/match-int.h b/src/analysis/scan/match-int.h deleted file mode 100644 index cf774c4..0000000 --- a/src/analysis/scan/match-int.h +++ /dev/null @@ -1,60 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * match-int.h - prototypes internes pour la sauvegarde d'une correspondance identifiée de motif - * - * Copyright (C) 2022 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Foobar. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _ANALYSIS_SCAN_MATCH_INT_H -#define _ANALYSIS_SCAN_MATCH_INT_H - - -#include "match.h" - - - -/* Affiche une correspondance au format texte. */ -typedef void (* output_scan_match_to_text_fc) (const GScanMatch *, int); - -/* Affiche une correspondance au format JSON. */ -typedef void (* output_scan_match_to_json_fc) (const GScanMatch *, const sized_string_t *, unsigned int, int); - - -/* Correspondance trouvée avec un motif (instance) */ -struct _GScanMatch -{ - GObject parent; /* A laisser en premier */ - - GSearchPattern *source; /* Motif d'origine recherché */ - -}; - -/* Correspondance trouvée avec un motif (classe) */ -struct _GScanMatchClass -{ - GObjectClass parent; /* A laisser en premier */ - - output_scan_match_to_text_fc to_text; /* Impression au format texte */ - output_scan_match_to_json_fc to_json; /* Impression au format JSON */ - -}; - - - -#endif /* _ANALYSIS_SCAN_MATCH_INT_H */ diff --git a/src/analysis/scan/match.h b/src/analysis/scan/match.h deleted file mode 100644 index e713b5d..0000000 --- a/src/analysis/scan/match.h +++ /dev/null @@ -1,71 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * match.h - prototypes pour la sauvegarde d'une correspondance identifiée de motif - * - * Copyright (C) 2022 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Foobar. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _ANALYSIS_SCAN_MATCH_H -#define _ANALYSIS_SCAN_MATCH_H - - -#include <glib-object.h> - - -#include "pattern.h" -#include "../../common/szstr.h" - - - -#define G_TYPE_SCAN_MATCH g_scan_match_get_type() -#define G_SCAN_MATCH(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MATCH, GScanMatch)) -#define G_IS_SCAN_MATCH(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MATCH)) -#define G_SCAN_MATCH_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MATCH, GScanMatchClass)) -#define G_IS_SCAN_MATCH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MATCH)) -#define G_SCAN_MATCH_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MATCH, GScanMatchClass)) - - -/* Correspondance trouvée avec un motif (instance) */ -typedef struct _GScanMatch GScanMatch; - -/* Correspondance trouvée avec un motif (classe) */ -typedef struct _GScanMatchClass GScanMatchClass; - - -/* Indique le type défini pour un correspondance de motif identifiée. */ -GType g_scan_match_get_type(void); - -/* Indique la source du motif d'origine recherché. */ -GSearchPattern *g_scan_match_get_source(const GScanMatch *); - -/* Affiche une correspondance au format texte. */ -void g_scan_match_output_to_text(const GScanMatch *, int); - -/* Convertit une correspondance en texte. */ -void g_scan_match_convert_as_text(const GScanMatch *); - -/* Affiche une correspondance au format JSON. */ -void g_scan_match_output_to_json(const GScanMatch *, const sized_string_t *, unsigned int, int, bool); - -/* Convertit une correspondance en JSON. */ -void g_scan_match_convert_as_json(const GScanMatch *); - - - -#endif /* _ANALYSIS_SCAN_MATCH_H */ diff --git a/src/analysis/scan/matches-int.h b/src/analysis/scan/matches-int.h new file mode 100644 index 0000000..4e6a244 --- /dev/null +++ b/src/analysis/scan/matches-int.h @@ -0,0 +1,71 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * matches-int.h - prototypes internes pour la sauvegarde de correspondances de motif identifiées + * + * Copyright (C) 2022 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_MATCHES_INT_H +#define _ANALYSIS_SCAN_MATCHES_INT_H + + +#include "matches.h" + + + +/* Dénombre les correspondances enregistrées pour un motif. */ +typedef size_t (* count_scan_matches_fc) (const GScanMatches *); + +/* Affiche une série de correspondances au format texte. */ +typedef void (* output_scan_matches_to_text_fc) (const GScanMatches *, int); + +/* Affiche une série de correspondances au format JSON. */ +typedef void (* output_scan_matches_to_json_fc) (const GScanMatches *, const sized_string_t *, unsigned int, int); + + +/* Correspondances trouvées avec un motif (instance) */ +struct _GScanMatches +{ + GObject parent; /* A laisser en premier */ + + /** + * L'aspect constant des instances marque seulement le fait que les + * pointeurs sont partagés avec un contexte, qui est le réel propriétaire + * de ces instances. + */ + const GScanContext *context; /* Contexte de rattachement */ + const GSearchPattern *source; /* Motif d'origine recherché */ + +}; + +/* Correspondances trouvées avec un motif (classe) */ +struct _GScanMatchesClass +{ + GObjectClass parent; /* A laisser en premier */ + + count_scan_matches_fc count; /* Décompte des correspondances*/ + + output_scan_matches_to_text_fc to_text; /* Impression au format texte */ + output_scan_matches_to_json_fc to_json; /* Impression au format JSON */ + +}; + + + +#endif /* _ANALYSIS_SCAN_MATCHES_INT_H */ diff --git a/src/analysis/scan/match.c b/src/analysis/scan/matches.c index b0b4320..1290c90 100644 --- a/src/analysis/scan/match.c +++ b/src/analysis/scan/matches.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * match.c - sauvegarde d'une correspondance identifiée de motif + * matches.c - sauvegarde de correspondances de motif identifiées * * Copyright (C) 2022 Cyrille Bagard * @@ -21,36 +21,36 @@ */ -#include "match.h" +#include "matches.h" -#include "match-int.h" +#include "matches-int.h" -/* Initialise la classe des correspondances de motifs. */ -static void g_scan_match_class_init(GScanMatchClass *); +/* Initialise la classe des séries de correspondances de motifs. */ +static void g_scan_matches_class_init(GScanMatchesClass *); -/* Initialise une instance de correspondance de motif trouvée. */ -static void g_scan_match_init(GScanMatch *); +/* Initialise une instance de série de correspondances trouvées. */ +static void g_scan_matches_init(GScanMatches *); /* Supprime toutes les références externes. */ -static void g_scan_match_dispose(GScanMatch *); +static void g_scan_matches_dispose(GScanMatches *); /* Procède à la libération totale de la mémoire. */ -static void g_scan_match_finalize(GScanMatch *); +static void g_scan_matches_finalize(GScanMatches *); -/* Indique le type défini pour un correspondance de motif identifiée. */ -G_DEFINE_TYPE(GScanMatch, g_scan_match, G_TYPE_OBJECT); +/* Indique le type défini pour une série de correspondances identifiées. */ +G_DEFINE_TYPE(GScanMatches, g_scan_matches, G_TYPE_OBJECT); /****************************************************************************** * * * Paramètres : klass = classe à initialiser. * * * -* Description : Initialise la classe des correspondances de motifs. * +* Description : Initialise la classe des séries de correspondances de motifs.* * * * Retour : - * * * @@ -58,23 +58,23 @@ G_DEFINE_TYPE(GScanMatch, g_scan_match, G_TYPE_OBJECT); * * ******************************************************************************/ -static void g_scan_match_class_init(GScanMatchClass *klass) +static void g_scan_matches_class_init(GScanMatchesClass *klass) { GObjectClass *object; /* Autre version de la classe */ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_match_dispose; - object->finalize = (GObjectFinalizeFunc)g_scan_match_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_matches_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_matches_finalize; } /****************************************************************************** * * -* Paramètres : match = instance à initialiser. * +* Paramètres : matches = instance à initialiser. * * * -* Description : Initialise une instance de correspondance de motif trouvée. * +* Description : Initialise une instance de série de correspondances trouvées.* * * * Retour : - * * * @@ -82,16 +82,17 @@ static void g_scan_match_class_init(GScanMatchClass *klass) * * ******************************************************************************/ -static void g_scan_match_init(GScanMatch *match) +static void g_scan_matches_init(GScanMatches *matches) { - match->source = NULL; + matches->context = NULL; + matches->source = NULL; } /****************************************************************************** * * -* Paramètres : match = instance d'objet GLib à traiter. * +* Paramètres : matches = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * * * @@ -101,18 +102,21 @@ static void g_scan_match_init(GScanMatch *match) * * ******************************************************************************/ -static void g_scan_match_dispose(GScanMatch *match) +static void g_scan_matches_dispose(GScanMatches *matches) { - g_clear_object(&match->source); + /** + * Contexte et source sont des instances partagées. Leur propriété n'est + * donc pas à modifier avec un appel à g_clear_object() ici. + */ - G_OBJECT_CLASS(g_scan_match_parent_class)->dispose(G_OBJECT(match)); + G_OBJECT_CLASS(g_scan_matches_parent_class)->dispose(G_OBJECT(matches)); } /****************************************************************************** * * -* Paramètres : match = instance d'objet GLib à traiter. * +* Paramètres : matches = instance d'objet GLib à traiter. * * * * Description : Procède à la libération totale de la mémoire. * * * @@ -122,30 +126,52 @@ static void g_scan_match_dispose(GScanMatch *match) * * ******************************************************************************/ -static void g_scan_match_finalize(GScanMatch *match) +static void g_scan_matches_finalize(GScanMatches *matches) { - G_OBJECT_CLASS(g_scan_match_parent_class)->finalize(G_OBJECT(match)); + G_OBJECT_CLASS(g_scan_matches_parent_class)->finalize(G_OBJECT(matches)); } /****************************************************************************** * * -* Paramètres : match = définition de correspondance à consulter. * +* Paramètres : matches = instance dont l'initialisation est à compléter. * +* context = contexte associé au scan courant. * +* source = lien vers le motif recherché d'origine. * * * -* Description : Indique la source du motif d'origine recherché. * +* Description : Associe des éléments de contexte à des correspondances. * * * * Retour : - * * * +* Remarques : Aucun transfert de propriété n'a lieu ici ! * +* * +******************************************************************************/ + +void g_scan_matches_attach(GScanMatches *matches, const GScanContext *context, const GSearchPattern *source) +{ + matches->context = context; + matches->source = source; + +} + + +/****************************************************************************** +* * +* Paramètres : matches = informations de correspondances à consulter. * +* * +* Description : Fournit le contexte du scan associé aux correspondances. * +* * +* Retour : Contexte de scan courant. * +* * * Remarques : - * * * ******************************************************************************/ -GSearchPattern *g_scan_match_get_source(const GScanMatch *match) +GScanContext *g_scan_bytes_matches_get_context(const GScanMatches *matches) { - GSearchPattern *result; /* Source à retourner */ + GScanContext *result; /* Instance à retourner */ - result = match->source; + result = (GScanContext *)matches->context; g_object_ref(G_OBJECT(result)); @@ -156,56 +182,61 @@ GSearchPattern *g_scan_match_get_source(const GScanMatch *match) /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * -* fd = canal d'écriture. * +* Paramètres : matches = définition de correspondance à consulter. * * * -* Description : Affiche une correspondance au format texte. * +* Description : Indique la source du motif d'origine recherché. * * * -* Retour : - * +* Retour : Motif à l'origine des correspondances. * * * * Remarques : - * * * ******************************************************************************/ -void g_scan_match_output_to_text(const GScanMatch *match, int fd) +GSearchPattern *g_scan_matches_get_source(const GScanMatches *matches) { - GScanMatchClass *class; /* Classe à activer */ + GSearchPattern *result; /* Source à retourner */ + + result = (GSearchPattern *)matches->source; - class = G_SCAN_MATCH_GET_CLASS(match); + g_object_ref(G_OBJECT(result)); - class->to_text(match, fd); + return result; } /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * +* Paramètres : matches = définition de correspondances à consulter. * * * -* Description : Convertit une correspondance en texte. * +* Description : Dénombre les correspondances enregistrées pour un motif. * * * -* Retour : - * +* Retour : Quantité de correspondances établies. * * * * Remarques : - * * * ******************************************************************************/ -void g_scan_match_convert_as_text(const GScanMatch *match) +size_t g_scan_matches_count(const GScanMatches *matches) { - /* TODO */ + size_t result; /* Quantité à retourner */ + GScanMatchesClass *class; /* Classe à activer */ + + class = G_SCAN_MATCHES_GET_CLASS(matches); + + result = class->count(matches); + + return result; } /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * -* padding = éventuel bourrage initial à placer ou NULL. * -* level = profondeur actuelle. * -* fd = canal d'écriture. * -* trailing = impose une virgule finale ? * +* Paramètres : matches = définition de correspondance à manipuler. * +* fd = canal d'écriture. * * * -* Description : Affiche une correspondance au format JSON. * +* Description : Affiche une série de correspondances au format texte. * * * * Retour : - * * * @@ -213,42 +244,67 @@ void g_scan_match_convert_as_text(const GScanMatch *match) * * ******************************************************************************/ -void g_scan_match_output_to_json(const GScanMatch *match, const sized_string_t *padding, unsigned int level, int fd, bool trailing) +void g_scan_matches_output_to_text(const GScanMatches *matches, int fd) { - unsigned int i; /* Boucle de parcours */ - GScanMatchClass *class; /* Classe à activer */ + GScanMatchesClass *class; /* Classe à activer */ - /* Introduction */ + class = G_SCAN_MATCHES_GET_CLASS(matches); - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + class->to_text(matches, fd); - write(fd, "{\n", 2); +} - /* Affichage du contenu */ - class = G_SCAN_MATCH_GET_CLASS(match); +/****************************************************************************** +* * +* Paramètres : matches = définition de correspondance à manipuler. * +* * +* Description : Convertit une série de correspondances en texte. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_matches_convert_as_text(const GScanMatches *matches) +{ + /* TODO */ + +} - class->to_json(match, padding, level + 1, fd); - /* Conclusion */ +/****************************************************************************** +* * +* Paramètres : matches = définition de correspondance à manipuler. * +* padding = éventuel bourrage initial à placer ou NULL. * +* level = profondeur actuelle. * +* fd = canal d'écriture. * +* * +* Description : Affiche une série de correspondances au format JSON. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_matches_output_to_json(const GScanMatches *matches, const sized_string_t *padding, unsigned int level, int fd) +{ + GScanMatchesClass *class; /* Classe à activer */ - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + class = G_SCAN_MATCHES_GET_CLASS(matches); - if (trailing) - write(fd, "},\n", 3); - else - write(fd, "}\n", 2); + class->to_json(matches, padding, level + 1, fd); } /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * +* Paramètres : matches = définition de correspondance à manipuler. * * * -* Description : Convertit une correspondance en JSON. * +* Description : Convertit une série de correspondances en JSON. * * * * Retour : - * * * @@ -256,7 +312,7 @@ void g_scan_match_output_to_json(const GScanMatch *match, const sized_string_t * * * ******************************************************************************/ -void g_scan_match_convert_as_json(const GScanMatch *match) +void g_scan_matches_convert_as_json(const GScanMatches *matches) { /* TODO */ diff --git a/src/analysis/scan/matches.h b/src/analysis/scan/matches.h new file mode 100644 index 0000000..26e54ed --- /dev/null +++ b/src/analysis/scan/matches.h @@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * matches.h - prototypes pour la sauvegarde de correspondances de motif identifiées + * + * Copyright (C) 2022 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_MATCHES_H +#define _ANALYSIS_SCAN_MATCHES_H + + +#include <glib-object.h> + + +#include "pattern.h" +#include "../../common/szstr.h" + + + +#define G_TYPE_SCAN_MATCHES g_scan_matches_get_type() +#define G_SCAN_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MATCHES, GScanMatches)) +#define G_IS_SCAN_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MATCHES)) +#define G_SCAN_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MATCHES, GScanMatchesClass)) +#define G_IS_SCAN_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MATCHES)) +#define G_SCAN_MATCHES_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MATCHES, GScanMatchesClass)) + + +/* Correspondances trouvées avec un motif (instance) */ +typedef struct _GScanMatches GScanMatches; + +/* Correspondances trouvées avec un motif (classe) */ +typedef struct _GScanMatchesClass GScanMatchesClass; + + +/* Indique le type défini pour une série de correspondances identifiées. */ +GType g_scan_matches_get_type(void); + +/* Associe des éléments de contexte à des correspondances. */ +void g_scan_matches_attach(GScanMatches *, const GScanContext *, const GSearchPattern *); + +/* Fournit le contexte du scan associé aux correspondances. */ +GScanContext *g_scan_bytes_matches_get_context(const GScanMatches *); + +/* Indique la source du motif d'origine recherché. */ +GSearchPattern *g_scan_matches_get_source(const GScanMatches *); + +/* Dénombre les correspondances enregistrées pour un motif. */ +size_t g_scan_matches_count(const GScanMatches *); + +/* Affiche une série de correspondances au format texte. */ +void g_scan_matches_output_to_text(const GScanMatches *, int); + +/* Convertit une série de correspondances en texte. */ +void g_scan_matches_convert_as_text(const GScanMatches *); + +/* Affiche une série de correspondances au format JSON. */ +void g_scan_matches_output_to_json(const GScanMatches *, const sized_string_t *, unsigned int, int); + +/* Convertit une série de correspondances en JSON. */ +void g_scan_matches_convert_as_json(const GScanMatches *); + + + +#endif /* _ANALYSIS_SCAN_MATCHES_H */ diff --git a/src/analysis/scan/matches/Makefile.am b/src/analysis/scan/matches/Makefile.am index d6b51c6..f1a69c3 100644 --- a/src/analysis/scan/matches/Makefile.am +++ b/src/analysis/scan/matches/Makefile.am @@ -3,9 +3,9 @@ noinst_LTLIBRARIES = libanalysisscanmatches.la libanalysisscanmatches_la_SOURCES = \ + area.h area.c \ bytes-int.h \ - bytes.h bytes.c \ - pending.h pending.c + bytes.h bytes.c libanalysisscanmatches_la_CFLAGS = $(LIBGOBJ_CFLAGS) diff --git a/src/analysis/scan/matches/area.c b/src/analysis/scan/matches/area.c new file mode 100644 index 0000000..3f512b0 --- /dev/null +++ b/src/analysis/scan/matches/area.c @@ -0,0 +1,57 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * area.c - conservation des localisations de correspondances + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "area.h" + + + +/****************************************************************************** +* * +* Paramètres : a = première zone de correspondance à comparer. * +* b = seconde zone de correspondance à comparer. * +* * +* Description : Etablit une comparaison entre deux zones de correspondance. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int compare_match_area_as_dl_item(const dl_list_item *a, const dl_list_item *b) +{ + int result; /* Bilan à retourner */ + match_area_t *area_a; /* Première zone à traiter */ + match_area_t *area_b; /* Seconde zone à traiter */ + + area_a = match_area_from_item(a); + area_b = match_area_from_item(b); + + result = sort_uint64_t(area_a->start, area_b->start); + + if (result == 0) + result = sort_uint64_t(area_a->end, area_b->end); + + return result; + +} diff --git a/src/analysis/scan/matches/area.h b/src/analysis/scan/matches/area.h new file mode 100644 index 0000000..b059b35 --- /dev/null +++ b/src/analysis/scan/matches/area.h @@ -0,0 +1,85 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * area.h - prototypes pour la conservation des localisations de correspondances + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_MATCHES_AREA_H +#define _ANALYSIS_SCAN_MATCHES_AREA_H + + +#include <assert.h> + + +#include "../../../arch/vmpa.h" +#include "../../../common/dllist.h" + + + +/* Couverture d'une correspondance */ +typedef struct _match_area_t +{ + phys_t start; /* Point de départ */ + phys_t end; /* Point d'arrivée (exclus) */ + + DL_LIST_ITEM(link); /* Lien vers les maillons */ + + size_t mod_path_index; /* Indice de construction */ + bool has_mod_path; /* Validité du champ précédent */ + +} match_area_t; + + +#define match_area_from_item(item) \ + (match_area_t *)container_of(item, match_area_t, link) + +#define add_tail_match_area(new, head) \ + dl_list_add_tail(new, head, match_area_t, link) + +#define del_match_area(item, head) \ + dl_list_del(item, head, match_area_t, link) + +#define for_each_match_area(pos, head) \ + dl_list_for_each(pos, head, match_area_t, link) + +#define for_each_match_area_safe(pos, head, next) \ + dl_list_for_each_safe(pos, head, next, match_area_t, link) + +#define is_last_match_area(item, head) \ + dl_list_is_last(item, head, link) + +#define merge_match_areas(head1, head2) \ + dl_list_merge(head1, head2, match_area_t, link) + +#define sort_match_areas_no_dup(head, len, cmp, dup) \ + ({ \ + assert(!dl_list_empty(*(head))); \ + dl_list_item *hmbr = &(*head)->link; \ + sort_dl_list_no_dup(&hmbr, len, cmp, dup); \ + match_area_from_item(hmbr); \ + }) + + +/* Etablit une comparaison entre deux zones de correspondance. */ +int compare_match_area_as_dl_item(const dl_list_item *, const dl_list_item *); + + + +#endif /* _ANALYSIS_SCAN_MATCHES_AREA_H */ diff --git a/src/analysis/scan/matches/bytes-int.h b/src/analysis/scan/matches/bytes-int.h index 6f7e60b..f6239e3 100644 --- a/src/analysis/scan/matches/bytes-int.h +++ b/src/analysis/scan/matches/bytes-int.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * bytes-int.h - prototypes internes pour la sauvegarde d'une correspondance identifiée de suite d'octets + * bytes-int.h - prototypes internes pour la sauvegarde de correspondances avec des suites d'octets identifiées * * Copyright (C) 2022 Cyrille Bagard * @@ -28,33 +28,27 @@ #include "bytes.h" -#include "../match-int.h" +#include "../matches-int.h" -/* Correspondance trouvée avec une chaîne (instance) */ -struct _GScanBytesMatch +/* Correspondances trouvées avec des suite d'octets (instance) */ +struct _GScanBytesMatches { - GScanMatch parent; /* A laisser en premier */ + GScanMatches parent; /* A laisser en premier */ - GBinContent *content; /* Contenu binaire de référence*/ - - phys_t start; /* Début du motif représenté */ - phys_t len; /* Taille du motif représenté */ + match_area_t *areas; /* Zones couvertes */ + size_t count; /* Nombre de zones */ }; -/* Correspondance trouvée avec une chaîne (classe) */ -struct _GScanBytesMatchClass +/* Correspondances trouvées avec des suite d'octets (classe) */ +struct _GScanBytesMatchesClass { - GScanMatchClass parent; /* A laisser en premier */ + GScanMatchesClass parent; /* A laisser en premier */ }; -/* Met en place une correspondance trouvée avec un motif. */ -bool g_scan_bytes_match_create(GScanBytesMatch *, GSearchPattern *, GBinContent *, phys_t, phys_t); - - #endif /* _ANALYSIS_SCAN_MATCHES_BYTES_INT_H */ diff --git a/src/analysis/scan/matches/bytes.c b/src/analysis/scan/matches/bytes.c index de101c4..a23188b 100644 --- a/src/analysis/scan/matches/bytes.c +++ b/src/analysis/scan/matches/bytes.c @@ -30,53 +30,57 @@ #include "bytes-int.h" +#include "../patterns/token.h" #include "../../../common/cpp.h" #include "../../../core/logs.h" -/* --------------------- CORRESPONDANCE AVEC UNE SUITE D'OCTETS --------------------- */ +/* -------------------- CONSERVATION DE CORRESPONDANCES ETABLIES -------------------- */ -/* Initialise la classe des correspondances de chaînes. */ -static void g_scan_bytes_match_class_init(GScanBytesMatchClass *); +/* Initialise la classe des séries de correspondances d'octets. */ +static void g_scan_bytes_matches_class_init(GScanBytesMatchesClass *); -/* Initialise une instance de correspondance de chaîne trouvée. */ -static void g_scan_bytes_match_init(GScanBytesMatch *); +/* Initialise une instance de série de correspondances trouvées. */ +static void g_scan_bytes_matches_init(GScanBytesMatches *); /* Supprime toutes les références externes. */ -static void g_scan_bytes_match_dispose(GScanBytesMatch *); +static void g_scan_bytes_matches_dispose(GScanBytesMatches *); /* Procède à la libération totale de la mémoire. */ -static void g_scan_bytes_match_finalize(GScanBytesMatch *); +static void g_scan_bytes_matches_finalize(GScanBytesMatches *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Dénombre les correspondances enregistrées pour un motif. */ +static size_t g_scan_bytes_matches_count(const GScanBytesMatches *); + /* Affiche une correspondance au format texte. */ -static void g_scan_bytes_match_output_to_text(const GScanBytesMatch *, int); +static void g_scan_bytes_matches_output_to_text(const GScanBytesMatches *, int); /* Affiche une correspondance au format JSON. */ -static void g_scan_bytes_match_output_to_json(const GScanBytesMatch *, const sized_string_t *, unsigned int, int); +static void g_scan_bytes_matches_output_to_json(const GScanBytesMatches *, const sized_string_t *, unsigned int, int); /* ---------------------------------------------------------------------------------- */ -/* CORRESPONDANCE AVEC UNE SUITE D'OCTETS */ +/* CONSERVATION DE CORRESPONDANCES ETABLIES */ /* ---------------------------------------------------------------------------------- */ -/* Indique le type défini pour un correspondance de chaîne identifiée. */ -G_DEFINE_TYPE(GScanBytesMatch, g_scan_bytes_match, G_TYPE_SCAN_MATCH); +/* Indique le type défini pour une série de correspondances d'octets identifiées. */ +G_DEFINE_TYPE(GScanBytesMatches, g_scan_bytes_matches, G_TYPE_SCAN_MATCHES); /****************************************************************************** * * * Paramètres : klass = classe à initialiser. * * * -* Description : Initialise la classe des correspondances de chaînes. * +* Description : Initialise la classe des séries de correspondances d'octets. * * * * Retour : - * * * @@ -84,29 +88,31 @@ G_DEFINE_TYPE(GScanBytesMatch, g_scan_bytes_match, G_TYPE_SCAN_MATCH); * * ******************************************************************************/ -static void g_scan_bytes_match_class_init(GScanBytesMatchClass *klass) +static void g_scan_bytes_matches_class_init(GScanBytesMatchesClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GScanMatchClass *match; /* Version parente de la classe*/ + GScanMatchesClass *matches; /* Version parente de la classe*/ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_bytes_match_dispose; - object->finalize = (GObjectFinalizeFunc)g_scan_bytes_match_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_bytes_matches_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_bytes_matches_finalize; + + matches = G_SCAN_MATCHES_CLASS(klass); - match = G_SCAN_MATCH_CLASS(klass); + matches->count = (count_scan_matches_fc)g_scan_bytes_matches_count; - match->to_text = (output_scan_match_to_text_fc)g_scan_bytes_match_output_to_text; - match->to_json = (output_scan_match_to_json_fc)g_scan_bytes_match_output_to_json; + matches->to_text = (output_scan_matches_to_text_fc)g_scan_bytes_matches_output_to_text; + matches->to_json = (output_scan_matches_to_json_fc)g_scan_bytes_matches_output_to_json; } /****************************************************************************** * * -* Paramètres : match = instance à initialiser. * +* Paramètres : matches = instance à initialiser. * * * -* Description : Initialise une instance de correspondance de chaîne trouvée. * +* Description : Initialise une instance de série de correspondances trouvées.* * * * Retour : - * * * @@ -114,19 +120,17 @@ static void g_scan_bytes_match_class_init(GScanBytesMatchClass *klass) * * ******************************************************************************/ -static void g_scan_bytes_match_init(GScanBytesMatch *match) +static void g_scan_bytes_matches_init(GScanBytesMatches *matches) { - match->content = NULL; - - match->start = VMPA_NO_PHYSICAL; - match->len = VMPA_NO_PHYSICAL; + matches->areas = NULL; + matches->count = 0; } /****************************************************************************** * * -* Paramètres : match = instance d'objet GLib à traiter. * +* Paramètres : matches = instance d'objet GLib à traiter. * * * * Description : Supprime toutes les références externes. * * * @@ -136,18 +140,16 @@ static void g_scan_bytes_match_init(GScanBytesMatch *match) * * ******************************************************************************/ -static void g_scan_bytes_match_dispose(GScanBytesMatch *match) +static void g_scan_bytes_matches_dispose(GScanBytesMatches *matches) { - g_clear_object(&match->content); - - G_OBJECT_CLASS(g_scan_bytes_match_parent_class)->dispose(G_OBJECT(match)); + G_OBJECT_CLASS(g_scan_bytes_matches_parent_class)->dispose(G_OBJECT(matches)); } /****************************************************************************** * * -* Paramètres : match = instance d'objet GLib à traiter. * +* Paramètres : matches = instance d'objet GLib à traiter. * * * * Description : Procède à la libération totale de la mémoire. * * * @@ -157,21 +159,18 @@ static void g_scan_bytes_match_dispose(GScanBytesMatch *match) * * ******************************************************************************/ -static void g_scan_bytes_match_finalize(GScanBytesMatch *match) +static void g_scan_bytes_matches_finalize(GScanBytesMatches *matches) { - G_OBJECT_CLASS(g_scan_bytes_match_parent_class)->finalize(G_OBJECT(match)); + G_OBJECT_CLASS(g_scan_bytes_matches_parent_class)->finalize(G_OBJECT(matches)); } /****************************************************************************** * * -* Paramètres : source = lien vers le motif recherché d'origine. * -* content = contenu binaire présentant un motif reconnu. * -* start = position de départ d'un motif détecté. * -* len = taille du motif repéré. * +* Paramètres : - * * * -* Description : Prend note d'une correspondance trouvée avec un motif. * +* Description : Crée un suivi pour série de correspondances avec des octets. * * * * Retour : Correspondance mise en place. * * * @@ -179,14 +178,11 @@ static void g_scan_bytes_match_finalize(GScanBytesMatch *match) * * ******************************************************************************/ -GScanMatch *g_scan_bytes_match_new(GSearchPattern *source, GBinContent *content, phys_t start, phys_t len) +GScanMatches *g_scan_bytes_matches_new(void) { - GScanMatch *result; /* Structure à retourner */ - - result = g_object_new(G_TYPE_SCAN_BYTES_MATCH, NULL); + GScanMatches *result; /* Structure à retourner */ - if (!g_scan_bytes_match_create(G_SCAN_BYTES_MATCH(result), source, content, start, len)) - g_clear_object(&result); + result = g_object_new(G_TYPE_SCAN_BYTES_MATCHES, NULL); return result; @@ -195,62 +191,51 @@ GScanMatch *g_scan_bytes_match_new(GSearchPattern *source, GBinContent *content, /****************************************************************************** * * -* Paramètres : match = instance à initialiser pleinement. * -* source = lien vers le motif recherché d'origine. * -* content = contenu binaire présentant un motif reconnu. * -* start = position de départ d'un motif détecté. * -* len = taille du motif repéré. * +* Paramètres : matches = suivi de correspondances à manipuler. * +* list = correspondances établies à mémoriser. * +* count = taille de cette liste. * * * -* Description : Met en place une correspondance trouvée avec un motif. * +* Description : Intègre une liste de correspondances vérifiées. * * * -* Retour : Bilan de l'opération. * +* Retour : - * * * * Remarques : - * * * ******************************************************************************/ -bool g_scan_bytes_match_create(GScanBytesMatch *match, GSearchPattern *source, GBinContent *content, phys_t start, phys_t len) +void g_scan_bytes_matches_set_list(GScanBytesMatches *matches, match_area_t *list, size_t count) { - bool result; /* Bilan à retourner */ - GScanMatch *base; /* Lien vers les infos de base */ - - result = true; - - base = G_SCAN_MATCH(match); - - base->source = source; - g_object_ref(G_OBJECT(source)); - - match->content = content; - g_object_ref(G_OBJECT(content)); + matches->areas = list; - match->start = start; - match->len = len; - - return result; + matches->count = count; } /****************************************************************************** * * -* Paramètres : match = informations de correspondance à consulter. * +* Paramètres : matches = suivi de correspondances à consulter. * +* index = indice de la correspondance recherchée. * * * -* Description : Fournit une référence au contenu lié à la correspondance. * +* Description : Fournit les informations relatives à une correspondance. * * * -* Retour : Content binaire associé au context. * +* Retour : Propritétés de la correspondance visée ou NULL pour un échec.* * * * Remarques : - * * * ******************************************************************************/ -GBinContent *g_scan_bytes_match_get_content(const GScanBytesMatch *match) +const match_area_t *g_scan_bytes_matches_get(const GScanBytesMatches *matches, size_t index) { - GBinContent *result; /* Instance à retourner */ + const match_area_t *result; /* Pointeur à retourner */ - result = match->content; + for_each_match_area(result, matches->areas) + { + if (index == 0) + break; + } - g_object_ref(G_OBJECT(result)); + assert(index == 0); return result; @@ -259,9 +244,10 @@ GBinContent *g_scan_bytes_match_get_content(const GScanBytesMatch *match) /****************************************************************************** * * -* Paramètres : match = informations de correspondance à consulter. * -* start = position de départ d'un motif détecté. [OUT] * -* end = position d'arrivée d'un motif détecté. [OUT] * +* Paramètres : matches = informations de correspondance à consulter. * +* index = indice de la correspondance visée. * +* start = position de départ d'un motif détecté. [OUT] * +* end = position d'arrivée d'un motif détecté. [OUT] * * * * Description : Indique la localisation d'une correspondance établie. * * * @@ -271,20 +257,61 @@ GBinContent *g_scan_bytes_match_get_content(const GScanBytesMatch *match) * * ******************************************************************************/ -phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *match, phys_t *start, phys_t *end) +phys_t g_scan_bytes_matches_get_location(const GScanBytesMatches *matches, size_t index, phys_t *start, phys_t *end) { phys_t result; /* Taille à retourner */ + result = 0; + + /* result = match->len; *start = match->start; *end = match->start + result; + */ return result; } +/****************************************************************************** +* * +* Paramètres : matches = informations de correspondance à consulter. * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison gagnante. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *g_scan_bytes_matches_get_modifier_path(const GScanBytesMatches *matches) +{ + char *result; /* Combinaison à retourner */ + GBytesToken *pattern; /* Autre version du motif */ + + result = NULL; + + /* + + if (match->has_mod_path) + { + pattern = G_BYTES_TOKEN(G_SCAN_MATCH(match)->source); + result = g_bytes_token_get_modifier_path(pattern, match->mod_path_index); + } + + else + result = NULL; + */ + + return result; + +} + + + /* ---------------------------------------------------------------------------------- */ /* IMPLEMENTATION DES FONCTIONS DE CLASSE */ /* ---------------------------------------------------------------------------------- */ @@ -292,8 +319,31 @@ phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *match, phys_t *sta /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * -* fd = canal d'écriture. * +* Paramètres : matches = suivi de correspondances à consulter. * +* * +* Description : Dénombre les correspondances enregistrées pour un motif. * +* * +* Retour : Quantité de correspondances établies. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static size_t g_scan_bytes_matches_count(const GScanBytesMatches *matches) +{ + size_t result; /* Quantité à retourner */ + + result = matches->count; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : matches = définition de correspondance à manipuler. * +* fd = canal d'écriture. * * * * Description : Affiche une correspondance au format texte. * * * @@ -303,91 +353,105 @@ phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *match, phys_t *sta * * ******************************************************************************/ -static void g_scan_bytes_match_output_to_text(const GScanBytesMatch *match, int fd) +static void g_scan_bytes_matches_output_to_text(const GScanBytesMatches *matches, int fd) { + GScanMatches *base; /* Lien vers les infos de base */ + GBinContent *content; /* Contenu binaire analysé */ + const char *name; /* Désignation du motif ciblé */ + match_area_t *iter; /* Boucle de parcours #1 */ char value[2 + ULLONG_MAXLEN]; /* Impression de la position */ int ret; /* Bilan d'une conversion */ - GScanMatch *base; /* Lien vers les infos de base */ - const char *name; /* Désignation du motif ciblé */ vmpa2t pos; /* Tête de lecture */ + phys_t len; /* Taille d'une correspondance */ const bin_t *data; /* Accès aux données brutes */ phys_t k; /* Boucle de parcours #2 */ - /* Position dans le binaire (hexadécimal) */ + base = G_SCAN_MATCHES(matches); - ret = snprintf(value, ULLONG_MAXLEN, "0x%llx", (unsigned long long)match->start); + content = g_scan_context_get_content(base->context); - if (ret > 0) - write(fd, value, ret); + name = g_search_pattern_get_name(base->source); - else + for_each_match_area(iter, matches->areas) { - log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!"); - write(fd, "\"<error>\"", 9); - } + /* Position dans le binaire (hexadécimal) */ - write(fd, ":", 1); + ret = snprintf(value, ULLONG_MAXLEN, "0x%llx", (unsigned long long)iter->start); - /* Affichage de la désignation */ + if (ret > 0) + write(fd, value, ret); - write(fd, "$", 1); + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!"); + write(fd, "\"<error>\"", 9); + } - base = G_SCAN_MATCH(match); + write(fd, ":", 1); - name = g_search_pattern_get_name(base->source); + /* Affichage de la désignation */ - /** - * Les fonctionnalités Yara d'origine autorisent les variables anonymes '$'. - * - * Cette absence de nom est supportée ici. - */ + write(fd, "$", 1); - if (name != NULL) - write(fd, name, strlen(name)); + /** + * Les fonctionnalités Yara d'origine autorisent les variables anonymes '$'. + * + * Cette absence de nom est supportée ici. + */ - write(fd, ": ", 2); + if (name != NULL) + write(fd, name, strlen(name)); - /* Affichage du contenu */ + write(fd, ": ", 2); - init_vmpa(&pos, match->start, VMPA_NO_VIRTUAL); + /* Affichage du contenu */ - data = g_binary_content_get_raw_access(match->content, &pos, match->len); + init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL); - for (k = 0; k < match->len; k++) - { - if (isprint(data[k])) - write(fd, &data[k], 1); + len = iter->end - iter->start; - else - { - write(fd, "\\x", 2); - - ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]); + data = g_binary_content_get_raw_access(content, &pos, len); + assert(data != NULL); - if (ret > 0) - { - assert(ret == 2); - write(fd, value, ret); - } + for (k = 0; k < len; k++) + { + if (isprint(data[k])) + write(fd, &data[k], 1); else { - log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); - write(fd, "??", 2); + write(fd, "\\x", 2); + + ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]); + + if (ret > 0) + { + assert(ret == 2); + write(fd, value, ret); + } + + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); + write(fd, "??", 2); + } + } } + write(fd, "\n", 1); + } - write(fd, "\n", 1); + g_object_unref(G_OBJECT(content)); } /****************************************************************************** * * -* Paramètres : match = définition de correspondance à manipuler. * +* Paramètres : matches = définition de correspondance à manipuler. * * padding = éventuel bourrage initial à placer ou NULL. * * level = profondeur actuelle. * * fd = canal d'écriture. * @@ -400,188 +464,249 @@ static void g_scan_bytes_match_output_to_text(const GScanBytesMatch *match, int * * ******************************************************************************/ -static void g_scan_bytes_match_output_to_json(const GScanBytesMatch *match, const sized_string_t *padding, unsigned int level, int fd) +static void g_scan_bytes_matches_output_to_json(const GScanBytesMatches *matches, const sized_string_t *padding, unsigned int level, int fd) { unsigned int i; /* Boucle de parcours #1 */ - vmpa2t pos; /* Tête de lecture */ char value[4 + ULLONG_MAXLEN]; /* Impression de la position */ int ret; /* Bilan d'une conversion */ + GScanMatches *base; /* Lien vers les infos de base */ + GBinContent *content; /* Contenu binaire analysé */ + match_area_t *iter; /* Boucle de parcours #1 */ + vmpa2t pos; /* Tête de lecture */ + phys_t len; /* Taille d'une correspondance */ const bin_t *data; /* Accès aux données brutes */ phys_t k; /* Boucle de parcours #2 */ - /* Position dans le binaire (décimal) */ + /* Nombre de correspondances */ for (i = 0; i < level; i++) write(fd, padding->data, padding->len); - write(fd, "\"offset\": ", 10); + write(fd, "\"match_count\": ", 15); - ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)match->start); + ret = snprintf(value, ULLONG_MAXLEN, "%zu", matches->count); if (ret > 0) write(fd, value, ret); else { - log_simple_message(LMT_EXT_ERROR, "Error while converting offset!"); + log_simple_message(LMT_EXT_ERROR, "Error while converting value!"); write(fd, "null", 4); } write(fd, ",\n", 2); - /* Position dans le binaire (hexadécimal) */ + /* Détail des correspondances */ for (i = 0; i < level; i++) write(fd, padding->data, padding->len); - write(fd, "\"offset_hex\": ", 14); + write(fd, "\"matches\": [\n", 13); - ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)match->start); + base = G_SCAN_MATCHES(matches); - if (ret > 0) - write(fd, value, ret); + content = g_scan_context_get_content(base->context); - else + for_each_match_area(iter, matches->areas) { - log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!"); - write(fd, "null", 4); - } - - write(fd, ",\n", 2); + /* Marqueur de début */ - /* Affichage du contenu brut */ + for (i = 0; i < (level + 1); i++) + write(fd, padding->data, padding->len); - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + write(fd, "{\n", 2); - write(fd, "\"content\": \"", 12); + /* Position dans le binaire (décimal) */ - init_vmpa(&pos, match->start, VMPA_NO_VIRTUAL); + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); - data = g_binary_content_get_raw_access(match->content, &pos, match->len); - assert(data != NULL); + write(fd, "\"offset\": ", 10); - for (k = 0; k < match->len; k++) - { - if (data[k] == '\\') - write(fd, "\\\\", 2); + ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)iter->start); - else if (isprint(data[k])) - write(fd, &data[k], 1); + if (ret > 0) + write(fd, value, ret); else { - write(fd, "\\u", 2); + log_simple_message(LMT_EXT_ERROR, "Error while converting offset!"); + write(fd, "null", 4); + } - /** - * Cf. https://datatracker.ietf.org/doc/html/rfc8259#section-7 - */ - ret = snprintf(value, ULLONG_MAXLEN, "%04hhx", data[k]); + write(fd, ",\n", 2); - if (ret > 0) - { - assert(ret == 4); - write(fd, value, ret); - } + /* Position dans le binaire (hexadécimal) */ - else - { - log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); - write(fd, "??", 2); - } + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); - } + write(fd, "\"offset_hex\": ", 14); - } + ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)iter->start); + + if (ret > 0) + write(fd, value, ret); - write(fd, "\",\n", 3); + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!"); + write(fd, "null", 4); + } - /* Affichage du contenu en version humainement lisible */ + write(fd, ",\n", 2); - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + /* Affichage du contenu brut */ - write(fd, "\"content_str\": \"", 16); + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); - init_vmpa(&pos, match->start, VMPA_NO_VIRTUAL); + write(fd, "\"content\": \"", 12); - data = g_binary_content_get_raw_access(match->content, &pos, match->len); - assert(data != NULL); + init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL); - for (k = 0; k < match->len; k++) - { - if (data[k] == '\\') - write(fd, "\\\\", 2); + len = iter->end - iter->start; - else if (isprint(data[k])) - write(fd, &data[k], 1); + data = g_binary_content_get_raw_access(content, &pos, len); + assert(data != NULL); - else + for (k = 0; k < len; k++) { - write(fd, "\\\\x", 3); + if (data[k] == '\\') + write(fd, "\\\\", 2); - ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]); + else if (isprint(data[k])) + write(fd, &data[k], 1); - if (ret > 0) + else { - assert(ret == 2); - write(fd, value, ret); + write(fd, "\\u", 2); + + /** + * Cf. https://datatracker.ietf.org/doc/html/rfc8259#section-7 + */ + ret = snprintf(value, ULLONG_MAXLEN, "%04hhx", data[k]); + + if (ret > 0) + { + assert(ret == 4); + write(fd, value, ret); + } + + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); + write(fd, "??", 2); + } + } + } + + write(fd, "\",\n", 3); + + /* Affichage du contenu en version humainement lisible */ + + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); + + write(fd, "\"content_str\": \"", 16); + + init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL); + + data = g_binary_content_get_raw_access(content, &pos, len); + assert(data != NULL); + + for (k = 0; k < len; k++) + { + if (data[k] == '\\') + write(fd, "\\\\", 2); + + else if (isprint(data[k])) + write(fd, &data[k], 1); + else { - log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); - write(fd, "??", 2); + write(fd, "\\\\x", 3); + + ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]); + + if (ret > 0) + { + assert(ret == 2); + write(fd, value, ret); + } + + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); + write(fd, "??", 2); + } + } } - } + write(fd, "\",\n", 3); - write(fd, "\",\n", 3); + /* Affichage du contenu brut */ - /* Affichage du contenu brut */ + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + write(fd, "\"length\": ", 10); - write(fd, "\"length\": ", 10); + ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)len); - init_vmpa(&pos, match->start, VMPA_NO_VIRTUAL); + if (ret > 0) + write(fd, value, ret); - ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)match->len); + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); + write(fd, "-1", 2); + } - if (ret > 0) - write(fd, value, ret); + write(fd, ",\n", 2); - else - { - log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); - write(fd, "-1", 2); - } + /* Affichage du contenu brut (hexadécimal) */ - write(fd, ",\n", 2); + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); - /* Affichage du contenu brut (hexadécimal) */ + write(fd, "\"length_hex\": ", 14); - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)len); - write(fd, "\"length_hex\": ", 14); + if (ret > 0) + write(fd, value, ret); - init_vmpa(&pos, match->start, VMPA_NO_VIRTUAL); + else + { + log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); + write(fd, "\"0xffffffffffffffff\"", 20); + } - ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)match->len); + write(fd, "\n", 1); - if (ret > 0) - write(fd, value, ret); + /* Marqueur de fin */ + + for (i = 0; i < (level + 1); i++) + write(fd, padding->data, padding->len); + + if (is_last_match_area(iter, matches->areas)) + write(fd, "}\n", 2); + else + write(fd, "},\n", 3); - else - { - log_simple_message(LMT_EXT_ERROR, "Error while converting data!"); - write(fd, "\"0xffffffffffffffff\"", 20); } - write(fd, "\n", 1); + g_object_unref(G_OBJECT(content)); + + for (i = 0; i < level; i++) + write(fd, padding->data, padding->len); + + write(fd, "]\n", 2); } diff --git a/src/analysis/scan/matches/bytes.h b/src/analysis/scan/matches/bytes.h index e599ee4..90d6062 100644 --- a/src/analysis/scan/matches/bytes.h +++ b/src/analysis/scan/matches/bytes.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * bytes.h - prototypes pour la sauvegarde d'une correspondance identifiée de suite d'octets + * bytes.h - prototypes pour la sauvegarde de correspondances avec des suites d'octets identifiées * * Copyright (C) 2022 Cyrille Bagard * @@ -28,37 +28,47 @@ #include <glib-object.h> -#include "../match.h" -#include "../../content.h" +#include "area.h" +#include "../context.h" +#include "../matches.h" -#define G_TYPE_SCAN_BYTES_MATCH g_scan_bytes_match_get_type() -#define G_SCAN_BYTES_MATCH(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_BYTES_MATCH, GScanBytesMatch)) -#define G_IS_SCAN_BYTES_MATCH(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_BYTES_MATCH)) -#define G_SCAN_BYTES_MATCH_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_BYTES_MATCH, GScanBytesMatchClass)) -#define G_IS_SCAN_BYTES_MATCH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_BYTES_MATCH)) -#define G_SCAN_BYTES_MATCH_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_BYTES_MATCH, GScanBytesMatchClass)) +/* -------------------- CONSERVATION DE CORRESPONDANCES ETABLIES -------------------- */ -/* Correspondance trouvée avec une chaîne (instance) */ -typedef struct _GScanBytesMatch GScanBytesMatch; +#define G_TYPE_SCAN_BYTES_MATCHES g_scan_bytes_matches_get_type() +#define G_SCAN_BYTES_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatches)) +#define G_IS_SCAN_BYTES_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_BYTES_MATCHES)) +#define G_SCAN_BYTES_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatchesClass)) +#define G_IS_SCAN_BYTES_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_BYTES_MATCHES)) +#define G_SCAN_BYTES_MATCHES_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatchesClass)) -/* Correspondance trouvée avec une chaîne (classe) */ -typedef struct _GScanBytesMatchClass GScanBytesMatchClass; +/* Correspondances trouvées avec des suite d'octets (instance) */ +typedef struct _GScanBytesMatches GScanBytesMatches; -/* Indique le type défini pour un correspondance de chaîne identifiée. */ -GType g_scan_bytes_match_get_type(void); +/* Correspondances trouvées avec des suite d'octets (classe) */ +typedef struct _GScanBytesMatchesClass GScanBytesMatchesClass; -/* Prend note d'une correspondance trouvée avec un motif. */ -GScanMatch *g_scan_bytes_match_new(GSearchPattern *, GBinContent *, phys_t, phys_t); -/* Fournit une référence au contenu lié à la correspondance. */ -GBinContent *g_scan_bytes_match_get_content(const GScanBytesMatch *); +/* Indique le type défini pour une série de correspondances d'octets identifiées. */ +GType g_scan_bytes_matches_get_type(void); + +/* Crée un suivi pour série de correspondances avec des octets. */ +GScanMatches *g_scan_bytes_matches_new(void); + +/* Intègre une liste de correspondances vérifiées. */ +void g_scan_bytes_matches_set_list(GScanBytesMatches *, match_area_t *, size_t); + +/* Fournit les informations relatives à une correspondance. */ +const match_area_t *g_scan_bytes_matches_get(const GScanBytesMatches *, size_t); /* Indique la localisation d'une correspondance établie. */ -phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *, phys_t *, phys_t *); +phys_t g_scan_bytes_matches_get_location(const GScanBytesMatches *, size_t, phys_t *, phys_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +char *g_scan_bytes_matches_get_modifier_path(const GScanBytesMatches *); diff --git a/src/analysis/scan/matches/pending.c b/src/analysis/scan/matches/pending.c index 9ed4de3..c653257 100644 --- a/src/analysis/scan/matches/pending.c +++ b/src/analysis/scan/matches/pending.c @@ -33,6 +33,8 @@ + + /* ------------------------- MEMORISATION D'UNE ZONE BORNEE ------------------------- */ @@ -50,8 +52,6 @@ static int compare_match_area(const match_area_t *, const match_area_t *); - - /* ---------------------------------------------------------------------------------- */ /* MEMORISATION D'UNE ZONE BORNEE */ /* ---------------------------------------------------------------------------------- */ @@ -59,6 +59,104 @@ static int compare_match_area(const match_area_t *, const match_area_t *); /****************************************************************************** * * +* Paramètres : allocator = allocateur dédié à l'ensemble de zones. * +* start = point de départ d'une nouvelle correspondance. * +* length = taille de la zone couverte. * +* * +* Description : Crée une nouvelle structure de suivi de correspondance. * +* * +* Retour : Structure initialisée mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static match_area_t *create_match_area(GUMemCache *allocator, phys_t start, phys_t length) +{ + match_area_t *result; /* Zone à retourner */ + + result = g_umem_cache_alloc(allocator); + + DL_LIST_ITEM_INIT(&result->link); + + result->start = start; + result->end = start + length; + + assert(matches->content_start <= result->start); + assert(result->end <= matches->content_end); + + result->ttl = 1; + + result->has_mod_path = false; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : allocator = allocateur dédié à l'ensemble de zones. * +* start = point de départ d'une nouvelle correspondance. * +* length = taille de la zone couverte. * +* index = indice de construction pour le motif concerné. * +* * +* Description : Crée une nouvelle structure de suivi de correspondance. * +* * +* Retour : Structure initialisée mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static match_area_t *create_match_area_with_path(GUMemCache *allocator, phys_t start, phys_t length, size_t index) +{ + match_area_t *result; /* Zone à retourner */ + + result = g_umem_cache_alloc(allocator); + + DL_LIST_ITEM_INIT(&result->link); + + result->start = start; + result->end = start + length; + + assert(matches->content_start <= result->start); + assert(result->end <= matches->content_end); + + result->ttl = 1; + + result->mod_path_index = index; + result->has_mod_path = true; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : area = zone de suivi à supprimer. * +* allocator = allocateur dédié à l'ensemble de zones. * +* * +* Description : Supprime une structure de suivi de correspondance. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void delete_match_area(match_area_t *area, GUMemCache *allocator) +{ + // TODO : assert(alone) + + g_umem_cache_free(allocator, area); + +} + + +/****************************************************************************** +* * * Paramètres : a = pointeur vers la première zone à analyser. * * b = pointeur vers la seconde zone à analyser. * * * @@ -82,6 +180,12 @@ static int compare_match_area(const match_area_t *a, const match_area_t *b) if (result == 0) result = sort_unsigned_long_long(a->ttl, b->ttl); + if (result == 0) + result = sort_unsigned_long_long(a->has_mod_path, b->has_mod_path); + + if (result == 0) + result = sort_unsigned_long_long(a->mod_path_index, b->mod_path_index); + return result; } @@ -112,6 +216,7 @@ void init_pending_matches(pending_matches_t *matches, const phys_t *start, const matches->content_start = *start; matches->content_end = *end; + matches->allocator = NULL; matches->areas = NULL; matches->allocated = 0; matches->used = 0; @@ -273,25 +378,39 @@ match_area_t * const *get_all_pending_matches(const pending_matches_t *matches, void add_pending_match(pending_matches_t *matches, phys_t start, phys_t length) { - match_area_t *area; /* Zone à initialiser */ + match_area_t *area; /* Nouvelle zone à intégrer */ - if (matches->used == matches->allocated) - { - matches->allocated += PENDING_ALLOC_SIZE; + area = create_match_area(matches->allocator, start, length); - matches->areas = realloc(matches->areas, matches->allocated * sizeof(match_area_t)); + dl_list_add_tail(area, &matches->areas, match_area_t, link); + matches->used++; - } +} - area = &matches->areas[matches->used++]; - area->start = start; - area->end = start + length; +/****************************************************************************** +* * +* Paramètres : matches = suivi de correspondances à compléter. * +* start = point de départ d'une nouvelle correspondance. * +* length = taille de la zone couverte. * +* index = indice de construction pour le motif concerné. * +* * +* Description : Ajoute au suivi la définition d'une nouvelle correspondance. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void add_pending_match_with_path(pending_matches_t *matches, phys_t start, phys_t length, size_t index) +{ + match_area_t *area; /* Nouvelle zone à intégrer */ - assert(matches->content_start <= area->start); - assert(area->end <= matches->content_end); + area = create_match_area_with_path(matches->allocator, start, length, index); - area->ttl = 1; + dl_list_add_tail(area, &matches->areas, match_area_t, link); + matches->used++; } diff --git a/src/analysis/scan/matches/pending.h b/src/analysis/scan/matches/pending.h index 6df01c9..e430ca1 100644 --- a/src/analysis/scan/matches/pending.h +++ b/src/analysis/scan/matches/pending.h @@ -21,7 +21,7 @@ */ -#ifndef _ANALYSIS_SCAN_MATCHES_PENDING_H +#if 0 //ndef _ANALYSIS_SCAN_MATCHES_PENDING_H #define _ANALYSIS_SCAN_MATCHES_PENDING_H @@ -30,17 +30,28 @@ #include "../../content.h" +#include "../../../common/dllist.h" + + + +// TODO : move vers ByteMatch +typedef int GUMemCache; /* Couverture d'une correspondance */ typedef struct _match_area_t { + DL_LIST_ITEM(link); /* Lien vers les maillons */ + phys_t start; /* Point de départ */ phys_t end; /* Point d'arrivée (exclus) */ unsigned long ttl; /* Durée de vie pour analyse */ + size_t mod_path_index; /* Indice de construction */ + bool has_mod_path; /* Validité du champ précédent */ + } match_area_t; /* Suivi de correspondances */ @@ -49,6 +60,7 @@ typedef struct _pending_matches_t phys_t content_start; /* Point de début du contenu */ phys_t content_end; /* Point de fin du contenu */ + GUMemCache *allocator; /* Allocateur pour zones */ match_area_t *areas; /* Zones couvertes */ size_t allocated; /* Nombre d'allocations */ size_t used; /* Nombre de zones */ @@ -86,6 +98,9 @@ match_area_t * const *get_all_pending_matches(const pending_matches_t *, size_t /* Ajoute au suivi la définition d'une nouvelle correspondance. */ void add_pending_match(pending_matches_t *, phys_t, phys_t); +/* Ajoute au suivi la définition d'une nouvelle correspondance. */ +void add_pending_match_with_path(pending_matches_t *, phys_t, phys_t, size_t); + /* Etend une zone couverte dans le suivi des correspondances. */ void extend_pending_match_beginning(pending_matches_t *, size_t, phys_t); diff --git a/src/analysis/scan/options-int.h b/src/analysis/scan/options-int.h index e8ae428..975fb6c 100644 --- a/src/analysis/scan/options-int.h +++ b/src/analysis/scan/options-int.h @@ -41,6 +41,10 @@ struct _GScanOptions bool print_json; /* Sortie au format json ? */ bool print_strings; /* Affichage de correspondances*/ bool print_stats; /* Affichage de statistiques ? */ + bool print_tags; /* Affichage des étiquttes ? */ + + char **selected_tags; /* Etiquettes sélectionnées */ + size_t selected_count; /* Nombre de ces étiquettes */ }; diff --git a/src/analysis/scan/options.c b/src/analysis/scan/options.c index 637c821..ecff9f1 100644 --- a/src/analysis/scan/options.c +++ b/src/analysis/scan/options.c @@ -24,6 +24,10 @@ #include "options.h" +#include <malloc.h> +#include <string.h> + + #include "options-int.h" @@ -92,6 +96,9 @@ static void g_scan_options_init(GScanOptions *options) options->print_strings = false; options->print_stats = false; + options->selected_tags = NULL; + options->selected_count = 0; + } @@ -128,6 +135,14 @@ static void g_scan_options_dispose(GScanOptions *options) static void g_scan_options_finalize(GScanOptions *options) { + size_t i; /* Boucle de parcours */ + + for (i = 0; i < options->selected_count; i++) + free(options->selected_tags[i]); + + if (options->selected_tags != NULL) + free(options->selected_tags); + G_OBJECT_CLASS(g_scan_options_parent_class)->finalize(G_OBJECT(options)); } @@ -369,3 +384,107 @@ void g_scan_options_set_print_stats(GScanOptions *options, bool state) options->print_stats = state; } + + +/****************************************************************************** +* * +* Paramètres : options = ensemble d'options d'analyses à consulter. * +* * +* Description : Indique un besoin d'affichage des étiquettes avec résultats. * +* * +* Retour : Etat de l'option visée à conservé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_options_get_print_tags(const GScanOptions *options) +{ + bool result; /* Statut à retourner */ + + result = options->print_tags; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : options = ensemble d'options d'analyses à modifier. * +* state = état de l'option visée à conserver. * +* * +* Description : Mémorise un besoin d'affichage des étiquettes avec résultats.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_options_set_print_tags(GScanOptions *options, bool state) +{ + options->print_tags = state; + +} + + +/****************************************************************************** +* * +* Paramètres : options = ensemble d'options d'analyses à compléter. * +* tag = étiquette de règle à sélectionner. * +* * +* Description : Inscrit une étiquette comme sélection de règles à afficher. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_options_select_tag(GScanOptions *options, const char *tag) +{ + options->selected_tags = realloc(options->selected_tags, ++options->selected_count * sizeof(char *)); + + options->selected_tags[options->selected_count - 1] = strdup(tag); + +} + + +/****************************************************************************** +* * +* Paramètres : options = ensemble d'options d'analyses à compléter. * +* tag = étiquette de règle à auditionner. * +* * +* Description : Détermine si une étiquette donnée conduit à un affichage. * +* * +* Retour : true si une règle portant l'étiquette doit être affichée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_options_has_tag_as_selected(const GScanOptions *options, const char *tag) +{ + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ + + if (tag == NULL) + result = (options->selected_count == 0); + + else + { + result = false; + + for (i = 0; i < options->selected_count; i++) + if (strcmp(options->selected_tags[i], tag) == 0) + { + result = true; + break; + } + + } + + return result; + +} diff --git a/src/analysis/scan/options.h b/src/analysis/scan/options.h index c6db838..059c57e 100644 --- a/src/analysis/scan/options.h +++ b/src/analysis/scan/options.h @@ -81,6 +81,18 @@ bool g_scan_options_get_print_stats(const GScanOptions *); /* Mémorise un besoin de statistiques en fin de compilation. */ void g_scan_options_set_print_stats(GScanOptions *, bool); +/* Indique un besoin d'affichage des étiquettes avec résultats. */ +bool g_scan_options_get_print_tags(const GScanOptions *); + +/* Mémorise un besoin d'affichage des étiquettes avec résultats. */ +void g_scan_options_set_print_tags(GScanOptions *, bool); + +/* Inscrit une étiquette comme sélection de règles à afficher. */ +void g_scan_options_select_tag(GScanOptions *, const char *); + +/* Détermine si une étiquette donnée conduit à un affichage. */ +bool g_scan_options_has_tag_as_selected(const GScanOptions *, const char *); + #endif /* _ANALYSIS_SCAN_OPTIONS_H */ diff --git a/src/analysis/scan/pattern.c b/src/analysis/scan/pattern.c index fe3babc..dc4418c 100644 --- a/src/analysis/scan/pattern.c +++ b/src/analysis/scan/pattern.c @@ -332,7 +332,7 @@ void g_search_pattern_output_to_json(const GSearchPattern *pattern, GScanContext class = G_SEARCH_PATTERN_GET_CLASS(pattern); - class->to_json(pattern, context, padding, level + 1, fd); + class->to_json(pattern, context, padding, level, fd); /* Conclusion */ diff --git a/src/analysis/scan/patterns/Makefile.am b/src/analysis/scan/patterns/Makefile.am index c3d0994..989a562 100644 --- a/src/analysis/scan/patterns/Makefile.am +++ b/src/analysis/scan/patterns/Makefile.am @@ -5,8 +5,12 @@ noinst_LTLIBRARIES = libanalysisscanpatterns.la libanalysisscanpatterns_la_SOURCES = \ backend-int.h \ backend.h backend.c \ + customizer-int.h \ + customizer.h customizer.c \ + modarg.h \ modifier-int.h \ modifier.h modifier.c \ + patid.h \ token-int.h \ token.h token.c diff --git a/src/analysis/scan/patterns/backend-int.h b/src/analysis/scan/patterns/backend-int.h index b2587df..aeabe1b 100644 --- a/src/analysis/scan/patterns/backend-int.h +++ b/src/analysis/scan/patterns/backend-int.h @@ -33,10 +33,16 @@ typedef size_t (* get_backend_atom_max_size_fc) (const GEngineBackend *); /* Inscrit dans le moteur une chaîne de caractères à rechercher. */ -typedef patid_t (* enroll_plain_into_backend_fc) (GEngineBackend *, GScanContext *, const uint8_t *, size_t); +typedef patid_t (* enroll_plain_into_backend_fc) (GEngineBackend *, const uint8_t *, size_t, uint32_t [2]); /* Met en ordre les derniers détails avant un premier scan. */ -typedef void (* warm_up_backend_fc) (GEngineBackend *); +typedef bool (* warm_up_backend_fc) (GEngineBackend *); + +/* Récupère les identifiants finaux pour un motif recherché. */ +typedef patid_t (* build_backend_plain_pattern_id_fc) (const GEngineBackend *, const uint32_t [2]); + +/* Détermine le nombre d'identifiants constitués. */ +typedef size_t (* count_backend_plain_pattern_ids_fc) (const GEngineBackend *); /* Parcours un contenu binaire à la recherche de motifs. */ typedef void (* run_backend_scan_fc) (const GEngineBackend *, GScanContext *); @@ -57,9 +63,11 @@ struct _GEngineBackendClass { GObjectClass parent; /* A laisser en premier */ - get_backend_atom_max_size_fc get_max_size; /* Taille maximale d'atome */ - enroll_plain_into_backend_fc enroll_plain; /* Inscription simple */ + get_backend_atom_max_size_fc get_max_size; /* Taille maximale d'atome */ + enroll_plain_into_backend_fc enroll_plain; /* Inscription simpl e */ warm_up_backend_fc warm_up; /* Préchauffage avant analyse */ + build_backend_plain_pattern_id_fc build_id; /* Définition d'identifiant*/ + count_backend_plain_pattern_ids_fc count_ids; /* Décompte des id. */ run_backend_scan_fc run_scan; /* Lancement d'une analyse */ output_backend_stats_fc output; /* Impression de statistiques */ diff --git a/src/analysis/scan/patterns/backend.c b/src/analysis/scan/patterns/backend.c index 0ecc7fe..a887600 100644 --- a/src/analysis/scan/patterns/backend.c +++ b/src/analysis/scan/patterns/backend.c @@ -155,9 +155,9 @@ size_t g_engine_backend_get_atom_max_size(const GEngineBackend *backend) /****************************************************************************** * * * Paramètres : backend = moteur de recherche à manipuler. * -* context = contexte de l'analyse à mener. * * plain = chaîne de caractères classique à intégrer. * * len = taille de cette chaîne. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * * * * Description : Inscrit dans le moteur une chaîne de caractères à rechercher.* * * @@ -167,14 +167,14 @@ size_t g_engine_backend_get_atom_max_size(const GEngineBackend *backend) * * ******************************************************************************/ -patid_t g_engine_backend_enroll_plain_pattern(GEngineBackend *backend, GScanContext *context, const uint8_t *plain, size_t len) +bool g_engine_backend_enroll_plain_pattern(GEngineBackend *backend, const uint8_t *plain, size_t len, uint32_t tmp_id[2]) { - patid_t result; /* Identifiant à retourner */ + bool result; /* Bilan à retourner */ GEngineBackendClass *class; /* Classe à activer */ class = G_ENGINE_BACKEND_GET_CLASS(backend); - result = class->enroll_plain(backend, context, plain, len); + result = class->enroll_plain(backend, plain, len, tmp_id); return result; @@ -187,20 +187,78 @@ patid_t g_engine_backend_enroll_plain_pattern(GEngineBackend *backend, GScanCont * * * Description : Met en ordre les derniers détails avant un premier scan. * * * -* Retour : - * +* Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ -void g_engine_backend_warm_up(GEngineBackend *backend) +bool g_engine_backend_warm_up(GEngineBackend *backend) { + bool result; /* Bilan à retourner */ GEngineBackendClass *class; /* Classe à activer */ class = G_ENGINE_BACKEND_GET_CLASS(backend); if (class->warm_up != NULL) - class->warm_up(backend); + result = class->warm_up(backend); + else + result = true; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * +* * +* Description : Récupère les identifiants finaux pour un motif recherché. * +* * +* Retour : Identifiant constitué ou INVALID_PATTERN_ID en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +patid_t g_engine_backend_build_plain_pattern_id(const GEngineBackend *backend, const uint32_t tmp_id[2]) +{ + patid_t result; /* Identifiant à retourner */ + GEngineBackendClass *class; /* Classe à activer */ + + class = G_ENGINE_BACKEND_GET_CLASS(backend); + + result = class->build_id(backend, tmp_id); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* * +* Description : Détermine le nombre d'identifiants constitués. * +* * +* Retour : Quantité de gestionnaires de suivi à prévoir. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_engine_backend_count_plain_pattern_ids(const GEngineBackend *backend) +{ + size_t result; /* Quantité à retourner */ + GEngineBackendClass *class; /* Classe à activer */ + + class = G_ENGINE_BACKEND_GET_CLASS(backend); + + result = class->count_ids(backend); + + return result; } diff --git a/src/analysis/scan/patterns/backend.h b/src/analysis/scan/patterns/backend.h index 8f6b929..3f9be03 100644 --- a/src/analysis/scan/patterns/backend.h +++ b/src/analysis/scan/patterns/backend.h @@ -57,10 +57,16 @@ GType g_engine_backend_get_type(void); size_t g_engine_backend_get_atom_max_size(const GEngineBackend *); /* Inscrit dans le moteur une chaîne de caractères à rechercher. */ -patid_t g_engine_backend_enroll_plain_pattern(GEngineBackend *, GScanContext *, const uint8_t *, size_t); +bool g_engine_backend_enroll_plain_pattern(GEngineBackend *, const uint8_t *, size_t, uint32_t [2]); /* Met en ordre les derniers détails avant un premier scan. */ -void g_engine_backend_warm_up(GEngineBackend *); +bool g_engine_backend_warm_up(GEngineBackend *); + +/* Récupère les identifiants finaux pour un motif recherché. */ +patid_t g_engine_backend_build_plain_pattern_id(const GEngineBackend *, const uint32_t [2]); + +/* Détermine le nombre d'identifiants constitués. */ +size_t g_engine_backend_count_plain_pattern_ids(const GEngineBackend *); /* Parcours un contenu binaire à la recherche de motifs. */ void g_engine_backend_run_scan(const GEngineBackend *, GScanContext *); diff --git a/src/analysis/scan/patterns/backends/Makefile.am b/src/analysis/scan/patterns/backends/Makefile.am index 672b7ff..23b0163 100644 --- a/src/analysis/scan/patterns/backends/Makefile.am +++ b/src/analysis/scan/patterns/backends/Makefile.am @@ -6,11 +6,13 @@ libanalysisscanpatternsbackends_la_SOURCES = \ acism-int.h \ acism.h acism.c \ bitap-int.h \ - bitap.h bitap.c + bitap.h bitap.c \ + hyperscan-int.h \ + hyperscan.h hyperscan.c # Cf. https://www.gnu.org/software/automake/manual/html_node/Per_002dObject-Flags.html -AM_CFLAGS = $(LIBGOBJ_CFLAGS) +AM_CFLAGS = $(LIBGOBJ_CFLAGS) $(LIBHS_CFLAGS) diff --git a/src/analysis/scan/patterns/backends/acism-int.h b/src/analysis/scan/patterns/backends/acism-int.h index 57c3c73..c4a72ca 100644 --- a/src/analysis/scan/patterns/backends/acism-int.h +++ b/src/analysis/scan/patterns/backends/acism-int.h @@ -47,13 +47,35 @@ /* Définition d'une portion de cible */ typedef struct _acism_source_t { + /** + * Champs renseignés dans g_acism_backend_setup_for(). + */ + const uint8_t *atoms; /* Motif remarquable */ size_t len; /* Nombre d'octets considérés */ - patid_t pid; /* Identifiant de suivi */ + /** + * Champs renseignés dans g_acism_backend_build_trie(). + */ + + bool is_first; /* Première instance rencontrée*/ + + union + { + uint32_t coverage[2]; /* Départ et quantité de suivis*/ + struct + { + size_t first_source; /* Indice de première source */ + uint32_t index; /* Position dans la liste */ + }; + }; } acism_source_t; +#define SOURCE_COVERAGE_START 0 +#define SOURCE_COVERAGE_COUNT 1 +#define SOURCE_COVERAGE_END 1 + /* Etude de la fréquence des octets pour attribution des codes */ typedef struct _acism_freq_rank_t { @@ -68,6 +90,8 @@ typedef uint16_t acism_code_t; #define MIN_ACISM_CODE 0 #define MAX_ACISM_CODE 0xffff +#define ROOT_STATE_INDEX 0 + /* Noeud de l'arborescence brute */ typedef struct _acism_trie_node_t { @@ -79,8 +103,6 @@ typedef struct _acism_trie_node_t bin_t data; /* Donnée brute représentée */ acism_code_t code; /* Identifiant du noeud */ - patid_t pid; /* Identifiant de suivi */ - acism_code_t min_child_code; /* Plus petit code suivant */ acism_code_t max_child_code; /* Plus grand code suivant */ size_t children_count; /* Nombre de codes suivants */ @@ -91,35 +113,59 @@ typedef struct _acism_trie_node_t } acism_trie_node_t; +#if __LONG_WIDTH__ < 64 + /* Cellule du tableau compressé final */ -typedef union _acism_state_t +typedef struct _acism_state_t { - uint32_t raw; /* Valeur brute */ - - struct + union { - union + /* Indice 0 */ + struct { - /* Indice 0 */ - struct - { - unsigned int match : 1; /* Correspondance ici */ - unsigned int suffix : 1; /* Correspondance ailleurs */ - unsigned int unused : 4; /* Espace encore disponible */ - unsigned int atom_size : 3; /* Taille d'atome représenté */ - }; - - /* Indice 1 et + */ - unsigned int code : 9; /* Position depuis la base */ - + unsigned int match : 1; /* Correspondance ici */ + unsigned int unused : 4; /* Espace encore disponible */ + unsigned int atom_size : 3; /* Taille d'atome représenté */ + unsigned int suffix : 1; /* Correspondance ailleurs */ }; - unsigned int index : 23; /* Indice de saut */ + /* Indice 1 et + */ + unsigned int code : 9; /* Position depuis la base */ }; + unsigned int index : 23; /* Indice de saut */ + } acism_state_t; +#else + +/* Cellule du tableau compressé final */ +typedef union _acism_state_t +{ + /* Indice 0 */ + struct + { + uint8_t match : 1; /* Correspondance ici */ + uint8_t single_source : 1; /* Unique source à notifier */ + uint8_t atom_size; /* Indice de saut */ + uint8_t suffix : 1; /* Correspondance ailleurs */ + }; + + /* Indice 1 et + */ + uint32_t code; /* Position depuis la base */ + + /* Tous */ + struct + { + uint32_t any; /* Saut de bits */ + uint32_t index; /* Indice de saut */ + }; + +} acism_state_t; + +#endif + /* Méthode de recherche basée sur l'algorithme Acism (instance) */ struct _GAcismBackend { @@ -144,7 +190,7 @@ struct _GAcismBackend bitfield_t *bitmap_usage; /* Localisation des usages */ acism_state_t *states; /* Tableau de transitions */ - patid_t *pids; /* Identifiants de motifs */ + uint32_t *coverages; /* Bornes de suivi de positions*/ }; diff --git a/src/analysis/scan/patterns/backends/acism.c b/src/analysis/scan/patterns/backends/acism.c index 97f8561..53bad11 100644 --- a/src/analysis/scan/patterns/backends/acism.c +++ b/src/analysis/scan/patterns/backends/acism.c @@ -37,10 +37,10 @@ /* ---------------------- IMPLANTATION D'UNE NOUVELLE APPROCHE ---------------------- */ -/* Initialise la classe des méthodes basée sur Bitmap. */ +/* Initialise la classe des méthodes basée sur ACISM. */ static void g_acism_backend_class_init(GAcismBackendClass *); -/* Initialise une instance de méthodes basée sur Bitmap. */ +/* Initialise une instance de méthodes basée sur ACISM. */ static void g_acism_backend_init(GAcismBackend *); /* Supprime toutes les références externes. */ @@ -58,10 +58,10 @@ static void g_acism_backend_finalize(GAcismBackend *); size_t g_acism_backend_get_atom_max_size(const GAcismBackend *); /* Intègre un motif limité de contenu à rechercher. */ -static patid_t g_acism_backend_setup_for(GAcismBackend *, GScanContext *, const uint8_t *, size_t); +static void g_acism_backend_setup_for(GAcismBackend *, const uint8_t *, size_t, uint32_t [2]); /* Inscrit dans le moteur une chaîne de caractères à rechercher. */ -static patid_t g_acism_backend_enroll_plain_pattern(GAcismBackend *, GScanContext *, const uint8_t *, size_t); +static bool g_acism_backend_enroll_plain_pattern(GAcismBackend *, const uint8_t *, size_t, uint32_t [2]); #ifdef __USE_BYTE_FREQ @@ -93,7 +93,13 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *); static void g_acism_backend_build_interleave_array(GAcismBackend *); /* Met en ordre les derniers détails avant un premier scan. */ -static void g_acism_backend_warm_up(GAcismBackend *); +static bool g_acism_backend_warm_up(GAcismBackend *); + +/* Récupère les identifiants finaux pour un motif recherché. */ +static patid_t g_acism_backend_build_plain_pattern_id(const GAcismBackend *, const uint32_t [2]); + +/* Détermine le nombre d'identifiants constitués. */ +static size_t g_acism_backend_count_plain_pattern_ids(const GAcismBackend *); /* Parcours un contenu binaire à la recherche de motifs. */ static void g_acism_backend_run_scan(const GAcismBackend *, GScanContext *); @@ -119,7 +125,7 @@ G_DEFINE_TYPE(GAcismBackend, g_acism_backend, G_TYPE_ENGINE_BACKEND); * * * Paramètres : klass = classe à initialiser. * * * -* Description : Initialise la classe des méthodes basée sur Bitmap. * +* Description : Initialise la classe des méthodes basée sur ACISM. * * * * Retour : - * * * @@ -142,6 +148,8 @@ static void g_acism_backend_class_init(GAcismBackendClass *klass) backend->get_max_size = (get_backend_atom_max_size_fc)g_acism_backend_get_atom_max_size; backend->enroll_plain = (enroll_plain_into_backend_fc)g_acism_backend_enroll_plain_pattern; backend->warm_up = (warm_up_backend_fc)g_acism_backend_warm_up; + backend->build_id = (build_backend_plain_pattern_id_fc)g_acism_backend_build_plain_pattern_id; + backend->count_ids = (count_backend_plain_pattern_ids_fc)g_acism_backend_count_plain_pattern_ids; backend->run_scan = (run_backend_scan_fc)g_acism_backend_run_scan; backend->output = (output_backend_stats_fc)g_acism_backend_output_stats; @@ -152,7 +160,7 @@ static void g_acism_backend_class_init(GAcismBackendClass *klass) * * * Paramètres : backend = instance à initialiser. * * * -* Description : Initialise une instance de méthodes basée sur Bitmap. * +* Description : Initialise une instance de méthodes basée sur ACISM. * * * * Retour : - * * * @@ -217,6 +225,21 @@ static void g_acism_backend_dispose(GAcismBackend *backend) static void g_acism_backend_finalize(GAcismBackend *backend) { + if (backend->sources != NULL) + free(backend->sources); + + if (backend->nodes != NULL) + free(backend->nodes); + + if (backend->bitmap_usage != NULL) + delete_bit_field(backend->bitmap_usage); + + if (backend->states != NULL) + free(backend->states); + + if (backend->coverages != NULL) + free(backend->coverages); + G_OBJECT_CLASS(g_acism_backend_parent_class)->finalize(G_OBJECT(backend)); } @@ -277,9 +300,9 @@ size_t g_acism_backend_get_atom_max_size(const GAcismBackend *backend) /****************************************************************************** * * * Paramètres : backend = moteur de recherche à préparer. * -* context = contexte de l'analyse à mener. * -* plain = chaîne de caractères classique à intégrer. * +* pattern = chaîne de caractères classique à intégrer. * * len = taille de cette chaîne. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * * * * Description : Intègre un motif limité de contenu à rechercher. * * * @@ -289,74 +312,54 @@ size_t g_acism_backend_get_atom_max_size(const GAcismBackend *backend) * * ******************************************************************************/ -static patid_t g_acism_backend_setup_for(GAcismBackend *backend, GScanContext *context, const uint8_t *pattern, size_t len) +static void g_acism_backend_setup_for(GAcismBackend *backend, const uint8_t *pattern, size_t len, uint32_t tmp_id[2]) { - patid_t result; /* Identifiant à retourner */ - size_t i; /* Boucle de parcours */ - int ret; /* Bilan d'une comparaison */ + size_t current; /* Indice de source courante */ acism_source_t *source; /* Définition à mémoriser */ - result = INVALID_PATTERN_ID; - - /*Recherche d'un motif déjà sollicité */ - /** - * '\x00\x00\x00\x00abcd1234' '\x01\x01\x01\x01abcd1234' peuvent en effet - * constituer deux cibles différentes, mais elles comportent normalement - * la même séquence atomique à rechercher : 'abcd1234'. + * Les motifs '\x00\x00\x00\x00abcd1234' et '\x01\x01\x01\x01abcd1234' + * peuvent constituer deux cibles différentes, mais ils comportent + * normalement la même séquence atomique à rechercher : 'abcd1234'. + * + * Chaque motif 'abcd1234' proposé est enregistré ici, et se verra in fine + * attribuer un identifiant propre. Le regroupement des motifs identiques + * et la constitution des identifiants finaux sont réalisés au moment de la + * construction de l'arborescence de recherche. */ - for (i = 0; i < backend->sources_count; i++) - { - source = backend->sources + i; + /* Pré-inscription pour l'extérieur */ - if (source->len != len) - continue; + current = backend->sources_count; - ret = memcmp(source->atoms, pattern, len); + tmp_id[0] = current; + tmp_id[1] = 0; /* Non utilisé */ - if (ret == 0) - { - result = source->pid; - break; - } - - } - - /* Introduction d'un nouveau motif au besoin */ - - if (result == INVALID_PATTERN_ID) - { - backend->sources = realloc(backend->sources, ++backend->sources_count * sizeof(acism_source_t)); + /* Inscription en interne */ - source = &backend->sources[backend->sources_count - 1]; + backend->sources = realloc(backend->sources, ++backend->sources_count * sizeof(acism_source_t)); - source->atoms = pattern; - source->len = len; + source = &backend->sources[current]; - result = g_scan_context_get_new_pattern_id(context); - source->pid = result; + source->atoms = pattern; + source->len = len; - backend->nchars += len; + backend->nchars += len; #ifdef __USE_BYTE_FREQ - for (i = 0; i < len; i++) - backend->frequencies[pattern[i]].frequency++; + for (i = 0; i < len; i++) + backend->frequencies[pattern[i]].frequency++; #endif - } - - return result; - } /****************************************************************************** * * * Paramètres : backend = moteur de recherche à manipuler. * -* context = contexte de l'analyse à mener. * * plain = chaîne de caractères classique à intégrer. * * len = taille de cette chaîne. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * * * * Description : Inscrit dans le moteur une chaîne de caractères à rechercher.* * * @@ -366,12 +369,14 @@ static patid_t g_acism_backend_setup_for(GAcismBackend *backend, GScanContext *c * * ******************************************************************************/ -static patid_t g_acism_backend_enroll_plain_pattern(GAcismBackend *backend, GScanContext *context, const uint8_t *plain, size_t len) +static bool g_acism_backend_enroll_plain_pattern(GAcismBackend *backend, const uint8_t *plain, size_t len, uint32_t tmp_id[2]) { - patid_t result; /* Identifiant à retourner */ + bool result; /* Bilan à retourner */ assert(len <= ACSIM_ATOM_SIZE); + result = true; + /** * Le traitement différé des chaînes à rechercher permet deux choses : * - la construction d'une table de permutation ; @@ -390,7 +395,7 @@ static patid_t g_acism_backend_enroll_plain_pattern(GAcismBackend *backend, GSca * moindre coût un jour. */ - result = g_acism_backend_setup_for(backend, context, plain, len); + g_acism_backend_setup_for(backend, plain, len, tmp_id); return result; @@ -460,7 +465,6 @@ static void g_acism_backend_define_codes(GAcismBackend *backend) /* 0 == racine */ backend->codes_count++; -#if 0 for (i = 0, iter = backend->frequencies; i < 256; i++, iter++) { if (iter->frequency == 0) @@ -469,10 +473,6 @@ static void g_acism_backend_define_codes(GAcismBackend *backend) backend->codes_for_bytes[iter->rank] = backend->codes_count++; } -#else - for (i = 0; i < 256; i++) - backend->codes_for_bytes[i] = backend->codes_count++; -#endif } @@ -501,6 +501,7 @@ static void g_acism_backend_build_trie(GAcismBackend *backend) size_t k; /* Boucle de parcours #2 */ acism_code_t code; /* Identifiant de symbole */ acism_trie_node_t *parent; /* Sauvegarde d'un accès */ + uint32_t current_start; /* Indice de gestionnaire */ backend->nodes = calloc(backend->nchars + 1, sizeof(acism_trie_node_t)); @@ -518,6 +519,8 @@ static void g_acism_backend_build_trie(GAcismBackend *backend) source = &backend->sources[i]; + /* Parcours des noeuds contenus */ + for (k = 0; k < source->len && node->child != NULL; k++) { #ifdef __USE_BYTE_FREQ @@ -579,36 +582,91 @@ static void g_acism_backend_build_trie(GAcismBackend *backend) } - /* Creéation d'une nouvelle branche avec le reliquat */ - for (; k < source->len; k++) + /* Si un atome (partiellement ?) identique a déjà été inscrit */ + if (k == source->len) + { + /** + * L'atome déjà inscrit est plus long, et on se trouve ici dans le + * parcours de l'arborescence qui mène à sa conclusion, sans + * inscription d'une fin de parcours au point courant. + */ + if (node->matched_atom == 0) + goto register_leaf; + + /** + * Rattachement au motif strictement identique. + */ + else + { + assert(backend->sources[node->matched_atom - 1].is_first); + + source->is_first = false; + source->first_source = node->matched_atom - 1; + source->index = backend->sources[source->first_source].coverage[SOURCE_COVERAGE_COUNT]++; + + } + + } + + else { + /* Creéation d'une nouvelle branche avec le reliquat */ + for (; k < source->len; k++) + { #ifdef __USE_BYTE_FREQ - code = backend->codes_for_bytes[source->atoms[k]]; + code = backend->codes_for_bytes[source->atoms[k]]; #else - code = 1 + source->atoms[k]; + code = 1 + source->atoms[k]; #endif - next->parent = node; - next->suffix_link = node; - next->data = source->atoms[k]; - next->code = code; + next->parent = node; + next->suffix_link = node; + next->data = source->atoms[k]; + next->code = code; + + node->child = next++; + + if (code < node->min_child_code) node->min_child_code = code; + if (code > node->max_child_code) node->max_child_code = code; + node->children_count++; - node->child = next++; + node = node->child; - if (code < node->min_child_code) node->min_child_code = code; - if (code > node->max_child_code) node->max_child_code = code; - node->children_count++; + } - node = node->child; + register_leaf: - } + node->matched_atom = i + 1; - node->matched_atom = i + 1; + source->is_first = true; + source->coverage[SOURCE_COVERAGE_COUNT] = 1; + + } } backend->nodes_used = next - backend->nodes; + /* Construction des bases pour identifiants */ + + current_start = 0; + + for (i = 0; i < backend->sources_count; i++) + { + source = &backend->sources[i]; + + if (source->is_first) + { + source->coverage[SOURCE_COVERAGE_START] = current_start; + + current_start += source->coverage[SOURCE_COVERAGE_COUNT]; + + } + + } + + assert(current_start == backend->sources_count); + } @@ -743,9 +801,6 @@ static int compare_node_according_to_code_range(const acism_trie_node_t **a, con if (result == 0) result = sort_unsigned_long(_b->children_count, _a->children_count); - - - } return result; @@ -780,13 +835,16 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) size_t last_free_state; /* Dernier emplacement dispo. */ size_t full_size; /* Cartographie entière */ bitfield_t *global_usage; /* Cartographie des usages */ +#ifndef NDEBUG + size_t pops[3]; /* Décomptes individuels */ + size_t bsum; /* Somme de tous les bits */ +#endif bitfield_t *usage; /* Cartographie locale */ acism_trie_node_t *node; /* Noeud en cours de traitement*/ + size_t highest; /* Poids du bit le plus fort */ acism_trie_node_t *iter; /* Boucle de parcours #2 */ + size_t first_freedom_word; /* Premier mot avec des dispos.*/ size_t free_state; /* Emplacement libre trouvé */ - bool found; /* Bilan de recherche */ - - size_t bsum; /* Préparation de la liste de noeuds à inscrire */ @@ -808,8 +866,16 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) full_size = last_free_state + 257; global_usage = create_bit_field(full_size, false); +#ifndef NDEBUG + + pops[0] = 0; + pops[1] = 0; + pops[2] = 0; + bsum = 0; +#endif + usage = create_bit_field(257, false); for (i = 0; i < backend->nodes_used; i++) @@ -822,26 +888,49 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) /* Préparation du masque du noeud */ + truncate_bit_field(&usage, 257); + reset_all_in_bit_field(usage); set_in_bit_field(usage, 0, 1); +#ifndef NDEBUG + pops[0]++; +#endif + + highest = 0; + for (iter = node->child; iter != NULL; iter = iter->sibling) + { set_in_bit_field(usage, iter->code, 1); +#ifndef NDEBUG + pops[0]++; +#endif + + if (iter->code > highest) + highest = iter->code; + + } + +#ifndef NDEBUG + pops[1] += popcount_for_bit_field(usage); +#endif + assert(popcount_for_bit_field(usage) == (node->children_count + 1)); + truncate_bit_field(&usage, ++highest); + /* Recherche d'une position idéale */ if (i == 0) + { + first_freedom_word = 0; free_state = 0; + } else - for (free_state = 1; free_state < last_free_state; free_state++) - { - found = test_zeros_within_bit_field(global_usage, free_state, usage); - if (found) break; - } + free_state = find_interleaving_index_for_acism(global_usage, usage, &first_freedom_word); /* Suivi global */ @@ -849,8 +938,10 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) or_bit_field_at(global_usage, usage, free_state); +#ifndef NDEBUG bsum += node->children_count + 1; assert(popcount_for_bit_field(global_usage) == bsum); +#endif node->state_index = free_state; @@ -865,6 +956,15 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) /* Sotie encadrée */ +#ifndef NDEBUG + + pops[2] = popcount_for_bit_field(global_usage); + + assert(pops[0] == pops[1]); + assert(pops[0] == pops[2]); + +#endif + backend->bitmap_usage = global_usage; delete_bit_field(usage); @@ -901,10 +1001,10 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) bitfield_t *usage; /* Cartographie locale */ size_t rd_pos; /* Tête de lecture */ size_t wr_pos; /* Tête d'écriture */ + size_t first_freedom_word; /* Premier mot avec des dispos.*/ acism_trie_node_t *node; /* Noeud à traiter */ acism_trie_node_t *iter; /* Boucle de parcours */ size_t free_state; /* Emplacement libre trouvé */ - bool found; /* Bilan de recherche */ max_pos = backend->nodes_used; @@ -937,6 +1037,8 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) rd_pos++; + first_freedom_word = 0; + /* Suivi des liens déjà en place */ while (rd_pos < max_pos) @@ -961,11 +1063,7 @@ static void g_acism_backend_prepare_interleave_array(GAcismBackend *backend) /* Recherche d'une position idéale */ - for (free_state = 1; free_state < last_free_state; free_state++) - { - found = test_zeros_within_bit_field(global_usage, free_state, usage); - if (found) break; - } + free_state = find_interleaving_index_for_acism(global_usage, usage, &first_freedom_word); /* Suivi global */ @@ -1016,6 +1114,8 @@ static void g_acism_backend_build_interleave_array(GAcismBackend *backend) size_t i; /* Boucle de parcours #1 */ acism_trie_node_t *node; /* Noeud à transcrire */ acism_state_t *base; /* Base d'une série de cellules*/ + uint32_t *coverage; /* Couverture des inscriptions */ + acism_source_t *source; /* Définition originelle */ acism_trie_node_t *iter; /* Sous-noeud à inscrire #2 */ acism_trie_node_t *child; /* Sous-noeud à inscrire #3 */ uint16_t offset; /* Décalage local */ @@ -1023,7 +1123,7 @@ static void g_acism_backend_build_interleave_array(GAcismBackend *backend) maxsize = get_bit_field_size(backend->bitmap_usage); backend->states = calloc(maxsize, sizeof(acism_state_t)); - backend->pids = calloc(maxsize, sizeof(patid_t)); + backend->coverages = calloc(maxsize, 2 * sizeof(uint32_t)); for (i = 0; i < backend->nodes_used; i++) { @@ -1035,10 +1135,17 @@ static void g_acism_backend_build_interleave_array(GAcismBackend *backend) if (node->matched_atom > 0) { + source = &backend->sources[node->matched_atom - 1]; + base[0].match = 1; - base[0].atom_size = backend->sources[node->matched_atom - 1].len; + base[0].single_source = source->coverage[SOURCE_COVERAGE_COUNT] == 1 ? 1 : 0; + base[0].atom_size = backend->sources[node->matched_atom - 1].len - 1; + + coverage = &backend->coverages[node->state_index * 2]; - backend->pids[node->state_index] = backend->sources[node->matched_atom - 1].pid; + coverage[SOURCE_COVERAGE_START] = source->coverage[SOURCE_COVERAGE_START]; + coverage[SOURCE_COVERAGE_END] = coverage[SOURCE_COVERAGE_START] \ + + source->coverage[SOURCE_COVERAGE_COUNT]; for (iter = node->parent->suffix_link; iter != NULL; iter = iter->suffix_link) { @@ -1055,6 +1162,7 @@ static void g_acism_backend_build_interleave_array(GAcismBackend *backend) } } + base[0].index = i == 0 ? 0 : node->suffix_link->state_index; for (child = node->child; child != NULL; child = child->sibling) @@ -1080,14 +1188,18 @@ static void g_acism_backend_build_interleave_array(GAcismBackend *backend) * * * Description : Met en ordre les derniers détails avant un premier scan. * * * -* Retour : - * +* Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ -static void g_acism_backend_warm_up(GAcismBackend *backend) +static bool g_acism_backend_warm_up(GAcismBackend *backend) { + bool result; /* Bilan à retourner */ + + result = true; + #ifdef __USE_BYTE_FREQ /** @@ -1101,6 +1213,10 @@ static void g_acism_backend_warm_up(GAcismBackend *backend) /** * Construit une arborescence de lecture à partir des différents * octets présents dans les motifs. + * + * Les couvertures des futurs tableaux de correspondances sont + * établies au passage, ouvrant la voie aux définitions d'identifiant + * pour les motifs enregistrés. */ g_acism_backend_build_trie(backend); @@ -1118,6 +1234,76 @@ static void g_acism_backend_warm_up(GAcismBackend *backend) g_acism_backend_build_interleave_array(backend); + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * +* * +* Description : Récupère les identifiants finaux pour un motif recherché. * +* * +* Retour : Identifiant constitué ou INVALID_PATTERN_ID en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static patid_t g_acism_backend_build_plain_pattern_id(const GAcismBackend *backend, const uint32_t tmp_id[2]) +{ + patid_t result; /* Identifiant à retourner */ + acism_source_t *source; /* Motif d'origine concerné */ + acism_source_t *reference; /* Renvoi vers un même motif */ + + assert(tmp_id[0] < backend->sources_count); + + /** + * L'indicateur tmp_id[1] n'est pas utilisé ici. + */ + + source = backend->sources + tmp_id[0]; + + if (source->is_first) + result = source->coverage[SOURCE_COVERAGE_START]; + + else + { + reference = backend->sources + source->first_source; + + assert(source->index < reference->coverage[SOURCE_COVERAGE_COUNT]); + + result = reference->coverage[SOURCE_COVERAGE_START] + source->index; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* * +* Description : Détermine le nombre d'identifiants constitués. * +* * +* Retour : Quantité de gestionnaires de suivi à prévoir. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static size_t g_acism_backend_count_plain_pattern_ids(const GAcismBackend *backend) +{ + size_t result; /* Quantité à retourner */ + + result = backend->sources_count; + + return result; + } @@ -1141,15 +1327,20 @@ static void g_acism_backend_run_scan(const GAcismBackend *backend, GScanContext vmpa2t pos; /* Point de départ ciblé */ const bin_t *data; /* Données à analyser */ #ifdef __USE_BYTE_FREQ - acism_code_t *codes_for_bytes; + acism_code_t codes_for_bytes[256]; /* Copie des codes d'accès */ #endif acism_state_t *root; /* Racine de l'arborescence */ - acism_state_t *state; /* Tête de lecture courante */ + uint32_t *coverages; /* Bornes de suivi de positions*/ + unsigned int state; /* Tête de lecture courante */ phys_t i; /* Boucle de parcours #1 */ acism_code_t code; /* Code du caractère courant */ - acism_state_t *next; /* Prochaine tête à valider */ - acism_state_t *iter; /* Boucle de parcours #2 */ - acism_state_t *test; /* Test de validité alternative*/ + unsigned int next; /* Prochaine tête à valider */ + acism_state_t next_state; /* Prochaine tête à valider */ + uint32_t k; /* Boucle de parcours #2 */ + uint32_t final_k; /* Dernier indice à traiter */ + unsigned int iter; /* Boucle de parcours #3 */ + acism_state_t test_state; /* Test de validité alternative*/ + acism_state_t sub_state; /* Test de validité alternative*/ content = g_scan_context_get_content(context); @@ -1161,18 +1352,20 @@ static void g_acism_backend_run_scan(const GAcismBackend *backend, GScanContext /* Suivi via l'arborescence aplatie */ #ifdef __USE_BYTE_FREQ - codes_for_bytes = backend->codes_for_bytes; + memcpy(&codes_for_bytes, backend->codes_for_bytes, 256 * sizeof(acism_code_t)); #endif root = backend->states; if (root == NULL) goto done; - state = root; + coverages = backend->coverages; + + state = ROOT_STATE_INDEX; for (i = 0; i < dlen; i++) { #ifdef __USE_BYTE_FREQ - code = 1 + codes_for_bytes[data[i]]; + code = codes_for_bytes[data[i]]; #else code = 1 + data[i]; #endif @@ -1183,12 +1376,15 @@ static void g_acism_backend_run_scan(const GAcismBackend *backend, GScanContext next = state + code; - if (next->code == code) - next = root + next->index; + if (root[next].code == code) + { + next = root[next].index; + next_state = root[next]; + } - else if (state != root) + else if (state != ROOT_STATE_INDEX) { - state = root + state->index; + state = root[state].index; goto retry; } @@ -1197,35 +1393,59 @@ static void g_acism_backend_run_scan(const GAcismBackend *backend, GScanContext /* Remontée d'éventuels résultats */ - if (next->match) + if (next_state.match) { - g_scan_context_register_atom_match(context, - backend->pids[next - root], - i + 1 - next->atom_size); + k = coverages[next * 2 + SOURCE_COVERAGE_START]; + + if (next_state.single_source) + g_scan_context_store_atom_match_end(context, k, i); + //g_umem_slice_put_uint64(matches[0/*k*/], i - next_state.atom_size); - if (next->suffix) + else { - for (iter = root + state->index; ; iter = root + iter->index) + final_k = coverages[next * 2 + SOURCE_COVERAGE_END]; + + for (; k < final_k; k++) + g_scan_context_store_atom_match_end(context, k, i); + //g_umem_slice_put_uint64(matches[0/*k*/], i - next_state.atom_size); + + } + + if (next_state.suffix) + { + for (iter = root[state].index; ; iter = root[iter].index) { - test = iter + code; + test_state = root[iter + code]; - if (test->code == code) + if (test_state.code == code) { - test = root + test->index; + sub_state = root[test_state.index]; - if (test->match) + if (sub_state.match) { - assert(test->atom_size < next->atom_size); + assert(sub_state.atom_size < next_state.atom_size); + + k = coverages[test_state.index * 2 + SOURCE_COVERAGE_START]; + + if (sub_state.single_source) + g_scan_context_store_atom_match_end(context, k, i); + //g_umem_slice_put_uint64(matches[0/*k*/], i - sub_state.atom_size); + + else + { + final_k = coverages[test_state.index * 2 + SOURCE_COVERAGE_END]; + + for (; k < final_k; k++) + g_scan_context_store_atom_match_end(context, k, i); + //g_umem_slice_put_uint64(matches[0/*k*/], i - sub_state.atom_size); - g_scan_context_register_atom_match(context, - backend->pids[test - root], - i + 1 - test->atom_size); + } } } - if (iter == root) + if (iter == ROOT_STATE_INDEX) break; } diff --git a/src/analysis/scan/patterns/backends/bitap.c b/src/analysis/scan/patterns/backends/bitap.c index 99e16e5..af50c6d 100644 --- a/src/analysis/scan/patterns/backends/bitap.c +++ b/src/analysis/scan/patterns/backends/bitap.c @@ -517,7 +517,7 @@ static patid_t enroll_plain_pattern_avx2(GBitapBackend *backend, GScanContext *c last->m[n] = plen; - result = g_scan_context_get_new_pattern_id(context); + result = 0; // FIXME g_scan_context_get_new_pattern_id(context); last->found_id[n] = result; @@ -934,9 +934,11 @@ static void run_scan_avx2(const GBitapBackend *backend, GScanContext *context, c { //assert((i + 1) >= group.m[j]); + /** TODO : update call g_scan_context_register_atom_match(context, group.found_id[j], (iter - data) + 1 - group.m[j]); + **/ } @@ -1108,9 +1110,11 @@ static void run_scan_avx2(const GBitapBackend *backend, GScanContext *context, c { //assert((i + 1) >= group.m[j]); + /** TODO : update call g_scan_context_register_atom_match(context, group.found_id[j], (iter - data) + 1 - group.m[j]); + **/ } @@ -1617,7 +1621,7 @@ static patid_t enroll_plain_pattern_avx512(GBitapBackend *backend, GScanContext last->m[n] = plen; - result = g_scan_context_get_new_pattern_id(context); + result = 0; // FIXME g_scan_context_get_new_pattern_id(context); last->found_id[n] = result; @@ -1925,9 +1929,11 @@ static void run_scan_avx512(const GBitapBackend *backend, GScanContext *context, { //assert((i + 1) >= group.m[j]); + /** TODO : update call g_scan_context_register_atom_match(context, group.found_id[j], (iter - data) + 1 - group.m[j]); + **/ } @@ -1946,9 +1952,11 @@ static void run_scan_avx512(const GBitapBackend *backend, GScanContext *context, { //assert((i + 1) >= group.m[j]); + /** TODO : update call g_scan_context_register_atom_match(context, _group->found_id[j], (iter - data) + 1 - _group->m[j]); + **/ } diff --git a/src/analysis/scan/patterns/backends/hyperscan-int.h b/src/analysis/scan/patterns/backends/hyperscan-int.h new file mode 100644 index 0000000..31d271b --- /dev/null +++ b/src/analysis/scan/patterns/backends/hyperscan-int.h @@ -0,0 +1,67 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * hyperscan-int.h - prototypes internes pour la méthode de recherche basée sur la bibliothèque Hyperscan d'Intel + * + * Copyright (C) 2024 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_INT_H +#define _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_INT_H + + +#include "hyperscan.h" + + +#include "../backend-int.h" + + + +#define EXPR_COVERAGE_START 0 +#define EXPR_COVERAGE_COUNT 1 +#define EXPR_COVERAGE_END 1 + + +/* Méthode de recherche basée sur une bibliothèque d'Intel : Hyperscan (instance) */ +struct _GHyperscanBackend +{ + GEngineBackend parent; /* A laisser en premier */ + + const uint8_t **atoms; /* Motif remarquable */ + size_t *lengths; /* Nombre d'octets considérés */ + uint32_t *coverages; /* Départ et quantité de suivis*/ + size_t allocated; /* Nombre d'éléments alloués */ + size_t used; /* Nombre d'éléments utiles */ + + unsigned int *lit_ids; /* Identifiants internes */ + + hs_database_t *database; /* Compilation d'éléments */ + hs_scratch_t *scratch; /* Espace de travail */ + +}; + +/* Méthode de recherche basée sur une bibliothèque d'Intel : Hyperscan (classe) */ +struct _GHyperscanBackendClass +{ + GEngineBackendClass parent; /* A laisser en premier */ + +}; + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_INT_H */ diff --git a/src/analysis/scan/patterns/backends/hyperscan.c b/src/analysis/scan/patterns/backends/hyperscan.c new file mode 100644 index 0000000..40a7372 --- /dev/null +++ b/src/analysis/scan/patterns/backends/hyperscan.c @@ -0,0 +1,1063 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * hyperscan.c - méthode de recherche basée sur la bibliothèque Hyperscan d'Intel + * + * Copyright (C) 2024 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "hyperscan.h" + + +#include <hs.h> +#include <string.h> + + +#include <i18n.h> + + +#include "hyperscan-int.h" +#include "../../../../core/logs.h" +#include "../../../../glibext/umemslice.h" /* REMME */ + + + +/* ---------------------- IMPLANTATION D'UNE NOUVELLE APPROCHE ---------------------- */ + + +/* Initialise la classe des méthodes basée sur Hyperscan. */ +static void g_hyperscan_backend_class_init(GHyperscanBackendClass *); + +/* Initialise une instance de méthodes basée sur Hyperscan. */ +static void g_hyperscan_backend_init(GHyperscanBackend *); + +/* Supprime toutes les références externes. */ +static void g_hyperscan_backend_dispose(GHyperscanBackend *); + +/* Procède à la libération totale de la mémoire. */ +static void g_hyperscan_backend_finalize(GHyperscanBackend *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/** + * for i in range(int(8192 / 25) + 1): + * print(','.join([ '% 5u' % (i * 25 + k) for k in range(25) ]) + ',') + */ +static const unsigned int __cached_ids[8200] = { + + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, + 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, + 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, + 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, + 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, + 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, + 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, + 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, + 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, + 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, + 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, 763, 764, 765, 766, 767, 768, 769, 770, 771, 772, 773, 774, + 775, 776, 777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, + 800, 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, + 825, 826, 827, 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, 845, 846, 847, 848, 849, + 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, 860, 861, 862, 863, 864, 865, 866, 867, 868, 869, 870, 871, 872, 873, 874, + 875, 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, 886, 887, 888, 889, 890, 891, 892, 893, 894, 895, 896, 897, 898, 899, + 900, 901, 902, 903, 904, 905, 906, 907, 908, 909, 910, 911, 912, 913, 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, + 925, 926, 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, 939, 940, 941, 942, 943, 944, 945, 946, 947, 948, 949, + 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, 972, 973, 974, + 975, 976, 977, 978, 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, 989, 990, 991, 992, 993, 994, 995, 996, 997, 998, 999, + 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, 1022, 1023, 1024, + 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, 1042, 1043, 1044, 1045, 1046, 1047, 1048, 1049, + 1050, 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058, 1059, 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1067, 1068, 1069, 1070, 1071, 1072, 1073, 1074, + 1075, 1076, 1077, 1078, 1079, 1080, 1081, 1082, 1083, 1084, 1085, 1086, 1087, 1088, 1089, 1090, 1091, 1092, 1093, 1094, 1095, 1096, 1097, 1098, 1099, + 1100, 1101, 1102, 1103, 1104, 1105, 1106, 1107, 1108, 1109, 1110, 1111, 1112, 1113, 1114, 1115, 1116, 1117, 1118, 1119, 1120, 1121, 1122, 1123, 1124, + 1125, 1126, 1127, 1128, 1129, 1130, 1131, 1132, 1133, 1134, 1135, 1136, 1137, 1138, 1139, 1140, 1141, 1142, 1143, 1144, 1145, 1146, 1147, 1148, 1149, + 1150, 1151, 1152, 1153, 1154, 1155, 1156, 1157, 1158, 1159, 1160, 1161, 1162, 1163, 1164, 1165, 1166, 1167, 1168, 1169, 1170, 1171, 1172, 1173, 1174, + 1175, 1176, 1177, 1178, 1179, 1180, 1181, 1182, 1183, 1184, 1185, 1186, 1187, 1188, 1189, 1190, 1191, 1192, 1193, 1194, 1195, 1196, 1197, 1198, 1199, + 1200, 1201, 1202, 1203, 1204, 1205, 1206, 1207, 1208, 1209, 1210, 1211, 1212, 1213, 1214, 1215, 1216, 1217, 1218, 1219, 1220, 1221, 1222, 1223, 1224, + 1225, 1226, 1227, 1228, 1229, 1230, 1231, 1232, 1233, 1234, 1235, 1236, 1237, 1238, 1239, 1240, 1241, 1242, 1243, 1244, 1245, 1246, 1247, 1248, 1249, + 1250, 1251, 1252, 1253, 1254, 1255, 1256, 1257, 1258, 1259, 1260, 1261, 1262, 1263, 1264, 1265, 1266, 1267, 1268, 1269, 1270, 1271, 1272, 1273, 1274, + 1275, 1276, 1277, 1278, 1279, 1280, 1281, 1282, 1283, 1284, 1285, 1286, 1287, 1288, 1289, 1290, 1291, 1292, 1293, 1294, 1295, 1296, 1297, 1298, 1299, + 1300, 1301, 1302, 1303, 1304, 1305, 1306, 1307, 1308, 1309, 1310, 1311, 1312, 1313, 1314, 1315, 1316, 1317, 1318, 1319, 1320, 1321, 1322, 1323, 1324, + 1325, 1326, 1327, 1328, 1329, 1330, 1331, 1332, 1333, 1334, 1335, 1336, 1337, 1338, 1339, 1340, 1341, 1342, 1343, 1344, 1345, 1346, 1347, 1348, 1349, + 1350, 1351, 1352, 1353, 1354, 1355, 1356, 1357, 1358, 1359, 1360, 1361, 1362, 1363, 1364, 1365, 1366, 1367, 1368, 1369, 1370, 1371, 1372, 1373, 1374, + 1375, 1376, 1377, 1378, 1379, 1380, 1381, 1382, 1383, 1384, 1385, 1386, 1387, 1388, 1389, 1390, 1391, 1392, 1393, 1394, 1395, 1396, 1397, 1398, 1399, + 1400, 1401, 1402, 1403, 1404, 1405, 1406, 1407, 1408, 1409, 1410, 1411, 1412, 1413, 1414, 1415, 1416, 1417, 1418, 1419, 1420, 1421, 1422, 1423, 1424, + 1425, 1426, 1427, 1428, 1429, 1430, 1431, 1432, 1433, 1434, 1435, 1436, 1437, 1438, 1439, 1440, 1441, 1442, 1443, 1444, 1445, 1446, 1447, 1448, 1449, + 1450, 1451, 1452, 1453, 1454, 1455, 1456, 1457, 1458, 1459, 1460, 1461, 1462, 1463, 1464, 1465, 1466, 1467, 1468, 1469, 1470, 1471, 1472, 1473, 1474, + 1475, 1476, 1477, 1478, 1479, 1480, 1481, 1482, 1483, 1484, 1485, 1486, 1487, 1488, 1489, 1490, 1491, 1492, 1493, 1494, 1495, 1496, 1497, 1498, 1499, + 1500, 1501, 1502, 1503, 1504, 1505, 1506, 1507, 1508, 1509, 1510, 1511, 1512, 1513, 1514, 1515, 1516, 1517, 1518, 1519, 1520, 1521, 1522, 1523, 1524, + 1525, 1526, 1527, 1528, 1529, 1530, 1531, 1532, 1533, 1534, 1535, 1536, 1537, 1538, 1539, 1540, 1541, 1542, 1543, 1544, 1545, 1546, 1547, 1548, 1549, + 1550, 1551, 1552, 1553, 1554, 1555, 1556, 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, 1565, 1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, + 1575, 1576, 1577, 1578, 1579, 1580, 1581, 1582, 1583, 1584, 1585, 1586, 1587, 1588, 1589, 1590, 1591, 1592, 1593, 1594, 1595, 1596, 1597, 1598, 1599, + 1600, 1601, 1602, 1603, 1604, 1605, 1606, 1607, 1608, 1609, 1610, 1611, 1612, 1613, 1614, 1615, 1616, 1617, 1618, 1619, 1620, 1621, 1622, 1623, 1624, + 1625, 1626, 1627, 1628, 1629, 1630, 1631, 1632, 1633, 1634, 1635, 1636, 1637, 1638, 1639, 1640, 1641, 1642, 1643, 1644, 1645, 1646, 1647, 1648, 1649, + 1650, 1651, 1652, 1653, 1654, 1655, 1656, 1657, 1658, 1659, 1660, 1661, 1662, 1663, 1664, 1665, 1666, 1667, 1668, 1669, 1670, 1671, 1672, 1673, 1674, + 1675, 1676, 1677, 1678, 1679, 1680, 1681, 1682, 1683, 1684, 1685, 1686, 1687, 1688, 1689, 1690, 1691, 1692, 1693, 1694, 1695, 1696, 1697, 1698, 1699, + 1700, 1701, 1702, 1703, 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, 1712, 1713, 1714, 1715, 1716, 1717, 1718, 1719, 1720, 1721, 1722, 1723, 1724, + 1725, 1726, 1727, 1728, 1729, 1730, 1731, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, 1740, 1741, 1742, 1743, 1744, 1745, 1746, 1747, 1748, 1749, + 1750, 1751, 1752, 1753, 1754, 1755, 1756, 1757, 1758, 1759, 1760, 1761, 1762, 1763, 1764, 1765, 1766, 1767, 1768, 1769, 1770, 1771, 1772, 1773, 1774, + 1775, 1776, 1777, 1778, 1779, 1780, 1781, 1782, 1783, 1784, 1785, 1786, 1787, 1788, 1789, 1790, 1791, 1792, 1793, 1794, 1795, 1796, 1797, 1798, 1799, + 1800, 1801, 1802, 1803, 1804, 1805, 1806, 1807, 1808, 1809, 1810, 1811, 1812, 1813, 1814, 1815, 1816, 1817, 1818, 1819, 1820, 1821, 1822, 1823, 1824, + 1825, 1826, 1827, 1828, 1829, 1830, 1831, 1832, 1833, 1834, 1835, 1836, 1837, 1838, 1839, 1840, 1841, 1842, 1843, 1844, 1845, 1846, 1847, 1848, 1849, + 1850, 1851, 1852, 1853, 1854, 1855, 1856, 1857, 1858, 1859, 1860, 1861, 1862, 1863, 1864, 1865, 1866, 1867, 1868, 1869, 1870, 1871, 1872, 1873, 1874, + 1875, 1876, 1877, 1878, 1879, 1880, 1881, 1882, 1883, 1884, 1885, 1886, 1887, 1888, 1889, 1890, 1891, 1892, 1893, 1894, 1895, 1896, 1897, 1898, 1899, + 1900, 1901, 1902, 1903, 1904, 1905, 1906, 1907, 1908, 1909, 1910, 1911, 1912, 1913, 1914, 1915, 1916, 1917, 1918, 1919, 1920, 1921, 1922, 1923, 1924, + 1925, 1926, 1927, 1928, 1929, 1930, 1931, 1932, 1933, 1934, 1935, 1936, 1937, 1938, 1939, 1940, 1941, 1942, 1943, 1944, 1945, 1946, 1947, 1948, 1949, + 1950, 1951, 1952, 1953, 1954, 1955, 1956, 1957, 1958, 1959, 1960, 1961, 1962, 1963, 1964, 1965, 1966, 1967, 1968, 1969, 1970, 1971, 1972, 1973, 1974, + 1975, 1976, 1977, 1978, 1979, 1980, 1981, 1982, 1983, 1984, 1985, 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024, + 2025, 2026, 2027, 2028, 2029, 2030, 2031, 2032, 2033, 2034, 2035, 2036, 2037, 2038, 2039, 2040, 2041, 2042, 2043, 2044, 2045, 2046, 2047, 2048, 2049, + 2050, 2051, 2052, 2053, 2054, 2055, 2056, 2057, 2058, 2059, 2060, 2061, 2062, 2063, 2064, 2065, 2066, 2067, 2068, 2069, 2070, 2071, 2072, 2073, 2074, + 2075, 2076, 2077, 2078, 2079, 2080, 2081, 2082, 2083, 2084, 2085, 2086, 2087, 2088, 2089, 2090, 2091, 2092, 2093, 2094, 2095, 2096, 2097, 2098, 2099, + 2100, 2101, 2102, 2103, 2104, 2105, 2106, 2107, 2108, 2109, 2110, 2111, 2112, 2113, 2114, 2115, 2116, 2117, 2118, 2119, 2120, 2121, 2122, 2123, 2124, + 2125, 2126, 2127, 2128, 2129, 2130, 2131, 2132, 2133, 2134, 2135, 2136, 2137, 2138, 2139, 2140, 2141, 2142, 2143, 2144, 2145, 2146, 2147, 2148, 2149, + 2150, 2151, 2152, 2153, 2154, 2155, 2156, 2157, 2158, 2159, 2160, 2161, 2162, 2163, 2164, 2165, 2166, 2167, 2168, 2169, 2170, 2171, 2172, 2173, 2174, + 2175, 2176, 2177, 2178, 2179, 2180, 2181, 2182, 2183, 2184, 2185, 2186, 2187, 2188, 2189, 2190, 2191, 2192, 2193, 2194, 2195, 2196, 2197, 2198, 2199, + 2200, 2201, 2202, 2203, 2204, 2205, 2206, 2207, 2208, 2209, 2210, 2211, 2212, 2213, 2214, 2215, 2216, 2217, 2218, 2219, 2220, 2221, 2222, 2223, 2224, + 2225, 2226, 2227, 2228, 2229, 2230, 2231, 2232, 2233, 2234, 2235, 2236, 2237, 2238, 2239, 2240, 2241, 2242, 2243, 2244, 2245, 2246, 2247, 2248, 2249, + 2250, 2251, 2252, 2253, 2254, 2255, 2256, 2257, 2258, 2259, 2260, 2261, 2262, 2263, 2264, 2265, 2266, 2267, 2268, 2269, 2270, 2271, 2272, 2273, 2274, + 2275, 2276, 2277, 2278, 2279, 2280, 2281, 2282, 2283, 2284, 2285, 2286, 2287, 2288, 2289, 2290, 2291, 2292, 2293, 2294, 2295, 2296, 2297, 2298, 2299, + 2300, 2301, 2302, 2303, 2304, 2305, 2306, 2307, 2308, 2309, 2310, 2311, 2312, 2313, 2314, 2315, 2316, 2317, 2318, 2319, 2320, 2321, 2322, 2323, 2324, + 2325, 2326, 2327, 2328, 2329, 2330, 2331, 2332, 2333, 2334, 2335, 2336, 2337, 2338, 2339, 2340, 2341, 2342, 2343, 2344, 2345, 2346, 2347, 2348, 2349, + 2350, 2351, 2352, 2353, 2354, 2355, 2356, 2357, 2358, 2359, 2360, 2361, 2362, 2363, 2364, 2365, 2366, 2367, 2368, 2369, 2370, 2371, 2372, 2373, 2374, + 2375, 2376, 2377, 2378, 2379, 2380, 2381, 2382, 2383, 2384, 2385, 2386, 2387, 2388, 2389, 2390, 2391, 2392, 2393, 2394, 2395, 2396, 2397, 2398, 2399, + 2400, 2401, 2402, 2403, 2404, 2405, 2406, 2407, 2408, 2409, 2410, 2411, 2412, 2413, 2414, 2415, 2416, 2417, 2418, 2419, 2420, 2421, 2422, 2423, 2424, + 2425, 2426, 2427, 2428, 2429, 2430, 2431, 2432, 2433, 2434, 2435, 2436, 2437, 2438, 2439, 2440, 2441, 2442, 2443, 2444, 2445, 2446, 2447, 2448, 2449, + 2450, 2451, 2452, 2453, 2454, 2455, 2456, 2457, 2458, 2459, 2460, 2461, 2462, 2463, 2464, 2465, 2466, 2467, 2468, 2469, 2470, 2471, 2472, 2473, 2474, + 2475, 2476, 2477, 2478, 2479, 2480, 2481, 2482, 2483, 2484, 2485, 2486, 2487, 2488, 2489, 2490, 2491, 2492, 2493, 2494, 2495, 2496, 2497, 2498, 2499, + 2500, 2501, 2502, 2503, 2504, 2505, 2506, 2507, 2508, 2509, 2510, 2511, 2512, 2513, 2514, 2515, 2516, 2517, 2518, 2519, 2520, 2521, 2522, 2523, 2524, + 2525, 2526, 2527, 2528, 2529, 2530, 2531, 2532, 2533, 2534, 2535, 2536, 2537, 2538, 2539, 2540, 2541, 2542, 2543, 2544, 2545, 2546, 2547, 2548, 2549, + 2550, 2551, 2552, 2553, 2554, 2555, 2556, 2557, 2558, 2559, 2560, 2561, 2562, 2563, 2564, 2565, 2566, 2567, 2568, 2569, 2570, 2571, 2572, 2573, 2574, + 2575, 2576, 2577, 2578, 2579, 2580, 2581, 2582, 2583, 2584, 2585, 2586, 2587, 2588, 2589, 2590, 2591, 2592, 2593, 2594, 2595, 2596, 2597, 2598, 2599, + 2600, 2601, 2602, 2603, 2604, 2605, 2606, 2607, 2608, 2609, 2610, 2611, 2612, 2613, 2614, 2615, 2616, 2617, 2618, 2619, 2620, 2621, 2622, 2623, 2624, + 2625, 2626, 2627, 2628, 2629, 2630, 2631, 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, 2641, 2642, 2643, 2644, 2645, 2646, 2647, 2648, 2649, + 2650, 2651, 2652, 2653, 2654, 2655, 2656, 2657, 2658, 2659, 2660, 2661, 2662, 2663, 2664, 2665, 2666, 2667, 2668, 2669, 2670, 2671, 2672, 2673, 2674, + 2675, 2676, 2677, 2678, 2679, 2680, 2681, 2682, 2683, 2684, 2685, 2686, 2687, 2688, 2689, 2690, 2691, 2692, 2693, 2694, 2695, 2696, 2697, 2698, 2699, + 2700, 2701, 2702, 2703, 2704, 2705, 2706, 2707, 2708, 2709, 2710, 2711, 2712, 2713, 2714, 2715, 2716, 2717, 2718, 2719, 2720, 2721, 2722, 2723, 2724, + 2725, 2726, 2727, 2728, 2729, 2730, 2731, 2732, 2733, 2734, 2735, 2736, 2737, 2738, 2739, 2740, 2741, 2742, 2743, 2744, 2745, 2746, 2747, 2748, 2749, + 2750, 2751, 2752, 2753, 2754, 2755, 2756, 2757, 2758, 2759, 2760, 2761, 2762, 2763, 2764, 2765, 2766, 2767, 2768, 2769, 2770, 2771, 2772, 2773, 2774, + 2775, 2776, 2777, 2778, 2779, 2780, 2781, 2782, 2783, 2784, 2785, 2786, 2787, 2788, 2789, 2790, 2791, 2792, 2793, 2794, 2795, 2796, 2797, 2798, 2799, + 2800, 2801, 2802, 2803, 2804, 2805, 2806, 2807, 2808, 2809, 2810, 2811, 2812, 2813, 2814, 2815, 2816, 2817, 2818, 2819, 2820, 2821, 2822, 2823, 2824, + 2825, 2826, 2827, 2828, 2829, 2830, 2831, 2832, 2833, 2834, 2835, 2836, 2837, 2838, 2839, 2840, 2841, 2842, 2843, 2844, 2845, 2846, 2847, 2848, 2849, + 2850, 2851, 2852, 2853, 2854, 2855, 2856, 2857, 2858, 2859, 2860, 2861, 2862, 2863, 2864, 2865, 2866, 2867, 2868, 2869, 2870, 2871, 2872, 2873, 2874, + 2875, 2876, 2877, 2878, 2879, 2880, 2881, 2882, 2883, 2884, 2885, 2886, 2887, 2888, 2889, 2890, 2891, 2892, 2893, 2894, 2895, 2896, 2897, 2898, 2899, + 2900, 2901, 2902, 2903, 2904, 2905, 2906, 2907, 2908, 2909, 2910, 2911, 2912, 2913, 2914, 2915, 2916, 2917, 2918, 2919, 2920, 2921, 2922, 2923, 2924, + 2925, 2926, 2927, 2928, 2929, 2930, 2931, 2932, 2933, 2934, 2935, 2936, 2937, 2938, 2939, 2940, 2941, 2942, 2943, 2944, 2945, 2946, 2947, 2948, 2949, + 2950, 2951, 2952, 2953, 2954, 2955, 2956, 2957, 2958, 2959, 2960, 2961, 2962, 2963, 2964, 2965, 2966, 2967, 2968, 2969, 2970, 2971, 2972, 2973, 2974, + 2975, 2976, 2977, 2978, 2979, 2980, 2981, 2982, 2983, 2984, 2985, 2986, 2987, 2988, 2989, 2990, 2991, 2992, 2993, 2994, 2995, 2996, 2997, 2998, 2999, + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 3018, 3019, 3020, 3021, 3022, 3023, 3024, + 3025, 3026, 3027, 3028, 3029, 3030, 3031, 3032, 3033, 3034, 3035, 3036, 3037, 3038, 3039, 3040, 3041, 3042, 3043, 3044, 3045, 3046, 3047, 3048, 3049, + 3050, 3051, 3052, 3053, 3054, 3055, 3056, 3057, 3058, 3059, 3060, 3061, 3062, 3063, 3064, 3065, 3066, 3067, 3068, 3069, 3070, 3071, 3072, 3073, 3074, + 3075, 3076, 3077, 3078, 3079, 3080, 3081, 3082, 3083, 3084, 3085, 3086, 3087, 3088, 3089, 3090, 3091, 3092, 3093, 3094, 3095, 3096, 3097, 3098, 3099, + 3100, 3101, 3102, 3103, 3104, 3105, 3106, 3107, 3108, 3109, 3110, 3111, 3112, 3113, 3114, 3115, 3116, 3117, 3118, 3119, 3120, 3121, 3122, 3123, 3124, + 3125, 3126, 3127, 3128, 3129, 3130, 3131, 3132, 3133, 3134, 3135, 3136, 3137, 3138, 3139, 3140, 3141, 3142, 3143, 3144, 3145, 3146, 3147, 3148, 3149, + 3150, 3151, 3152, 3153, 3154, 3155, 3156, 3157, 3158, 3159, 3160, 3161, 3162, 3163, 3164, 3165, 3166, 3167, 3168, 3169, 3170, 3171, 3172, 3173, 3174, + 3175, 3176, 3177, 3178, 3179, 3180, 3181, 3182, 3183, 3184, 3185, 3186, 3187, 3188, 3189, 3190, 3191, 3192, 3193, 3194, 3195, 3196, 3197, 3198, 3199, + 3200, 3201, 3202, 3203, 3204, 3205, 3206, 3207, 3208, 3209, 3210, 3211, 3212, 3213, 3214, 3215, 3216, 3217, 3218, 3219, 3220, 3221, 3222, 3223, 3224, + 3225, 3226, 3227, 3228, 3229, 3230, 3231, 3232, 3233, 3234, 3235, 3236, 3237, 3238, 3239, 3240, 3241, 3242, 3243, 3244, 3245, 3246, 3247, 3248, 3249, + 3250, 3251, 3252, 3253, 3254, 3255, 3256, 3257, 3258, 3259, 3260, 3261, 3262, 3263, 3264, 3265, 3266, 3267, 3268, 3269, 3270, 3271, 3272, 3273, 3274, + 3275, 3276, 3277, 3278, 3279, 3280, 3281, 3282, 3283, 3284, 3285, 3286, 3287, 3288, 3289, 3290, 3291, 3292, 3293, 3294, 3295, 3296, 3297, 3298, 3299, + 3300, 3301, 3302, 3303, 3304, 3305, 3306, 3307, 3308, 3309, 3310, 3311, 3312, 3313, 3314, 3315, 3316, 3317, 3318, 3319, 3320, 3321, 3322, 3323, 3324, + 3325, 3326, 3327, 3328, 3329, 3330, 3331, 3332, 3333, 3334, 3335, 3336, 3337, 3338, 3339, 3340, 3341, 3342, 3343, 3344, 3345, 3346, 3347, 3348, 3349, + 3350, 3351, 3352, 3353, 3354, 3355, 3356, 3357, 3358, 3359, 3360, 3361, 3362, 3363, 3364, 3365, 3366, 3367, 3368, 3369, 3370, 3371, 3372, 3373, 3374, + 3375, 3376, 3377, 3378, 3379, 3380, 3381, 3382, 3383, 3384, 3385, 3386, 3387, 3388, 3389, 3390, 3391, 3392, 3393, 3394, 3395, 3396, 3397, 3398, 3399, + 3400, 3401, 3402, 3403, 3404, 3405, 3406, 3407, 3408, 3409, 3410, 3411, 3412, 3413, 3414, 3415, 3416, 3417, 3418, 3419, 3420, 3421, 3422, 3423, 3424, + 3425, 3426, 3427, 3428, 3429, 3430, 3431, 3432, 3433, 3434, 3435, 3436, 3437, 3438, 3439, 3440, 3441, 3442, 3443, 3444, 3445, 3446, 3447, 3448, 3449, + 3450, 3451, 3452, 3453, 3454, 3455, 3456, 3457, 3458, 3459, 3460, 3461, 3462, 3463, 3464, 3465, 3466, 3467, 3468, 3469, 3470, 3471, 3472, 3473, 3474, + 3475, 3476, 3477, 3478, 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3486, 3487, 3488, 3489, 3490, 3491, 3492, 3493, 3494, 3495, 3496, 3497, 3498, 3499, + 3500, 3501, 3502, 3503, 3504, 3505, 3506, 3507, 3508, 3509, 3510, 3511, 3512, 3513, 3514, 3515, 3516, 3517, 3518, 3519, 3520, 3521, 3522, 3523, 3524, + 3525, 3526, 3527, 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, 3536, 3537, 3538, 3539, 3540, 3541, 3542, 3543, 3544, 3545, 3546, 3547, 3548, 3549, + 3550, 3551, 3552, 3553, 3554, 3555, 3556, 3557, 3558, 3559, 3560, 3561, 3562, 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, 3572, 3573, 3574, + 3575, 3576, 3577, 3578, 3579, 3580, 3581, 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, 3592, 3593, 3594, 3595, 3596, 3597, 3598, 3599, + 3600, 3601, 3602, 3603, 3604, 3605, 3606, 3607, 3608, 3609, 3610, 3611, 3612, 3613, 3614, 3615, 3616, 3617, 3618, 3619, 3620, 3621, 3622, 3623, 3624, + 3625, 3626, 3627, 3628, 3629, 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, 3643, 3644, 3645, 3646, 3647, 3648, 3649, + 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 3667, 3668, 3669, 3670, 3671, 3672, 3673, 3674, + 3675, 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, 3686, 3687, 3688, 3689, 3690, 3691, 3692, 3693, 3694, 3695, 3696, 3697, 3698, 3699, + 3700, 3701, 3702, 3703, 3704, 3705, 3706, 3707, 3708, 3709, 3710, 3711, 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, 3721, 3722, 3723, 3724, + 3725, 3726, 3727, 3728, 3729, 3730, 3731, 3732, 3733, 3734, 3735, 3736, 3737, 3738, 3739, 3740, 3741, 3742, 3743, 3744, 3745, 3746, 3747, 3748, 3749, + 3750, 3751, 3752, 3753, 3754, 3755, 3756, 3757, 3758, 3759, 3760, 3761, 3762, 3763, 3764, 3765, 3766, 3767, 3768, 3769, 3770, 3771, 3772, 3773, 3774, + 3775, 3776, 3777, 3778, 3779, 3780, 3781, 3782, 3783, 3784, 3785, 3786, 3787, 3788, 3789, 3790, 3791, 3792, 3793, 3794, 3795, 3796, 3797, 3798, 3799, + 3800, 3801, 3802, 3803, 3804, 3805, 3806, 3807, 3808, 3809, 3810, 3811, 3812, 3813, 3814, 3815, 3816, 3817, 3818, 3819, 3820, 3821, 3822, 3823, 3824, + 3825, 3826, 3827, 3828, 3829, 3830, 3831, 3832, 3833, 3834, 3835, 3836, 3837, 3838, 3839, 3840, 3841, 3842, 3843, 3844, 3845, 3846, 3847, 3848, 3849, + 3850, 3851, 3852, 3853, 3854, 3855, 3856, 3857, 3858, 3859, 3860, 3861, 3862, 3863, 3864, 3865, 3866, 3867, 3868, 3869, 3870, 3871, 3872, 3873, 3874, + 3875, 3876, 3877, 3878, 3879, 3880, 3881, 3882, 3883, 3884, 3885, 3886, 3887, 3888, 3889, 3890, 3891, 3892, 3893, 3894, 3895, 3896, 3897, 3898, 3899, + 3900, 3901, 3902, 3903, 3904, 3905, 3906, 3907, 3908, 3909, 3910, 3911, 3912, 3913, 3914, 3915, 3916, 3917, 3918, 3919, 3920, 3921, 3922, 3923, 3924, + 3925, 3926, 3927, 3928, 3929, 3930, 3931, 3932, 3933, 3934, 3935, 3936, 3937, 3938, 3939, 3940, 3941, 3942, 3943, 3944, 3945, 3946, 3947, 3948, 3949, + 3950, 3951, 3952, 3953, 3954, 3955, 3956, 3957, 3958, 3959, 3960, 3961, 3962, 3963, 3964, 3965, 3966, 3967, 3968, 3969, 3970, 3971, 3972, 3973, 3974, + 3975, 3976, 3977, 3978, 3979, 3980, 3981, 3982, 3983, 3984, 3985, 3986, 3987, 3988, 3989, 3990, 3991, 3992, 3993, 3994, 3995, 3996, 3997, 3998, 3999, + 4000, 4001, 4002, 4003, 4004, 4005, 4006, 4007, 4008, 4009, 4010, 4011, 4012, 4013, 4014, 4015, 4016, 4017, 4018, 4019, 4020, 4021, 4022, 4023, 4024, + 4025, 4026, 4027, 4028, 4029, 4030, 4031, 4032, 4033, 4034, 4035, 4036, 4037, 4038, 4039, 4040, 4041, 4042, 4043, 4044, 4045, 4046, 4047, 4048, 4049, + 4050, 4051, 4052, 4053, 4054, 4055, 4056, 4057, 4058, 4059, 4060, 4061, 4062, 4063, 4064, 4065, 4066, 4067, 4068, 4069, 4070, 4071, 4072, 4073, 4074, + 4075, 4076, 4077, 4078, 4079, 4080, 4081, 4082, 4083, 4084, 4085, 4086, 4087, 4088, 4089, 4090, 4091, 4092, 4093, 4094, 4095, 4096, 4097, 4098, 4099, + 4100, 4101, 4102, 4103, 4104, 4105, 4106, 4107, 4108, 4109, 4110, 4111, 4112, 4113, 4114, 4115, 4116, 4117, 4118, 4119, 4120, 4121, 4122, 4123, 4124, + 4125, 4126, 4127, 4128, 4129, 4130, 4131, 4132, 4133, 4134, 4135, 4136, 4137, 4138, 4139, 4140, 4141, 4142, 4143, 4144, 4145, 4146, 4147, 4148, 4149, + 4150, 4151, 4152, 4153, 4154, 4155, 4156, 4157, 4158, 4159, 4160, 4161, 4162, 4163, 4164, 4165, 4166, 4167, 4168, 4169, 4170, 4171, 4172, 4173, 4174, + 4175, 4176, 4177, 4178, 4179, 4180, 4181, 4182, 4183, 4184, 4185, 4186, 4187, 4188, 4189, 4190, 4191, 4192, 4193, 4194, 4195, 4196, 4197, 4198, 4199, + 4200, 4201, 4202, 4203, 4204, 4205, 4206, 4207, 4208, 4209, 4210, 4211, 4212, 4213, 4214, 4215, 4216, 4217, 4218, 4219, 4220, 4221, 4222, 4223, 4224, + 4225, 4226, 4227, 4228, 4229, 4230, 4231, 4232, 4233, 4234, 4235, 4236, 4237, 4238, 4239, 4240, 4241, 4242, 4243, 4244, 4245, 4246, 4247, 4248, 4249, + 4250, 4251, 4252, 4253, 4254, 4255, 4256, 4257, 4258, 4259, 4260, 4261, 4262, 4263, 4264, 4265, 4266, 4267, 4268, 4269, 4270, 4271, 4272, 4273, 4274, + 4275, 4276, 4277, 4278, 4279, 4280, 4281, 4282, 4283, 4284, 4285, 4286, 4287, 4288, 4289, 4290, 4291, 4292, 4293, 4294, 4295, 4296, 4297, 4298, 4299, + 4300, 4301, 4302, 4303, 4304, 4305, 4306, 4307, 4308, 4309, 4310, 4311, 4312, 4313, 4314, 4315, 4316, 4317, 4318, 4319, 4320, 4321, 4322, 4323, 4324, + 4325, 4326, 4327, 4328, 4329, 4330, 4331, 4332, 4333, 4334, 4335, 4336, 4337, 4338, 4339, 4340, 4341, 4342, 4343, 4344, 4345, 4346, 4347, 4348, 4349, + 4350, 4351, 4352, 4353, 4354, 4355, 4356, 4357, 4358, 4359, 4360, 4361, 4362, 4363, 4364, 4365, 4366, 4367, 4368, 4369, 4370, 4371, 4372, 4373, 4374, + 4375, 4376, 4377, 4378, 4379, 4380, 4381, 4382, 4383, 4384, 4385, 4386, 4387, 4388, 4389, 4390, 4391, 4392, 4393, 4394, 4395, 4396, 4397, 4398, 4399, + 4400, 4401, 4402, 4403, 4404, 4405, 4406, 4407, 4408, 4409, 4410, 4411, 4412, 4413, 4414, 4415, 4416, 4417, 4418, 4419, 4420, 4421, 4422, 4423, 4424, + 4425, 4426, 4427, 4428, 4429, 4430, 4431, 4432, 4433, 4434, 4435, 4436, 4437, 4438, 4439, 4440, 4441, 4442, 4443, 4444, 4445, 4446, 4447, 4448, 4449, + 4450, 4451, 4452, 4453, 4454, 4455, 4456, 4457, 4458, 4459, 4460, 4461, 4462, 4463, 4464, 4465, 4466, 4467, 4468, 4469, 4470, 4471, 4472, 4473, 4474, + 4475, 4476, 4477, 4478, 4479, 4480, 4481, 4482, 4483, 4484, 4485, 4486, 4487, 4488, 4489, 4490, 4491, 4492, 4493, 4494, 4495, 4496, 4497, 4498, 4499, + 4500, 4501, 4502, 4503, 4504, 4505, 4506, 4507, 4508, 4509, 4510, 4511, 4512, 4513, 4514, 4515, 4516, 4517, 4518, 4519, 4520, 4521, 4522, 4523, 4524, + 4525, 4526, 4527, 4528, 4529, 4530, 4531, 4532, 4533, 4534, 4535, 4536, 4537, 4538, 4539, 4540, 4541, 4542, 4543, 4544, 4545, 4546, 4547, 4548, 4549, + 4550, 4551, 4552, 4553, 4554, 4555, 4556, 4557, 4558, 4559, 4560, 4561, 4562, 4563, 4564, 4565, 4566, 4567, 4568, 4569, 4570, 4571, 4572, 4573, 4574, + 4575, 4576, 4577, 4578, 4579, 4580, 4581, 4582, 4583, 4584, 4585, 4586, 4587, 4588, 4589, 4590, 4591, 4592, 4593, 4594, 4595, 4596, 4597, 4598, 4599, + 4600, 4601, 4602, 4603, 4604, 4605, 4606, 4607, 4608, 4609, 4610, 4611, 4612, 4613, 4614, 4615, 4616, 4617, 4618, 4619, 4620, 4621, 4622, 4623, 4624, + 4625, 4626, 4627, 4628, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4638, 4639, 4640, 4641, 4642, 4643, 4644, 4645, 4646, 4647, 4648, 4649, + 4650, 4651, 4652, 4653, 4654, 4655, 4656, 4657, 4658, 4659, 4660, 4661, 4662, 4663, 4664, 4665, 4666, 4667, 4668, 4669, 4670, 4671, 4672, 4673, 4674, + 4675, 4676, 4677, 4678, 4679, 4680, 4681, 4682, 4683, 4684, 4685, 4686, 4687, 4688, 4689, 4690, 4691, 4692, 4693, 4694, 4695, 4696, 4697, 4698, 4699, + 4700, 4701, 4702, 4703, 4704, 4705, 4706, 4707, 4708, 4709, 4710, 4711, 4712, 4713, 4714, 4715, 4716, 4717, 4718, 4719, 4720, 4721, 4722, 4723, 4724, + 4725, 4726, 4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4736, 4737, 4738, 4739, 4740, 4741, 4742, 4743, 4744, 4745, 4746, 4747, 4748, 4749, + 4750, 4751, 4752, 4753, 4754, 4755, 4756, 4757, 4758, 4759, 4760, 4761, 4762, 4763, 4764, 4765, 4766, 4767, 4768, 4769, 4770, 4771, 4772, 4773, 4774, + 4775, 4776, 4777, 4778, 4779, 4780, 4781, 4782, 4783, 4784, 4785, 4786, 4787, 4788, 4789, 4790, 4791, 4792, 4793, 4794, 4795, 4796, 4797, 4798, 4799, + 4800, 4801, 4802, 4803, 4804, 4805, 4806, 4807, 4808, 4809, 4810, 4811, 4812, 4813, 4814, 4815, 4816, 4817, 4818, 4819, 4820, 4821, 4822, 4823, 4824, + 4825, 4826, 4827, 4828, 4829, 4830, 4831, 4832, 4833, 4834, 4835, 4836, 4837, 4838, 4839, 4840, 4841, 4842, 4843, 4844, 4845, 4846, 4847, 4848, 4849, + 4850, 4851, 4852, 4853, 4854, 4855, 4856, 4857, 4858, 4859, 4860, 4861, 4862, 4863, 4864, 4865, 4866, 4867, 4868, 4869, 4870, 4871, 4872, 4873, 4874, + 4875, 4876, 4877, 4878, 4879, 4880, 4881, 4882, 4883, 4884, 4885, 4886, 4887, 4888, 4889, 4890, 4891, 4892, 4893, 4894, 4895, 4896, 4897, 4898, 4899, + 4900, 4901, 4902, 4903, 4904, 4905, 4906, 4907, 4908, 4909, 4910, 4911, 4912, 4913, 4914, 4915, 4916, 4917, 4918, 4919, 4920, 4921, 4922, 4923, 4924, + 4925, 4926, 4927, 4928, 4929, 4930, 4931, 4932, 4933, 4934, 4935, 4936, 4937, 4938, 4939, 4940, 4941, 4942, 4943, 4944, 4945, 4946, 4947, 4948, 4949, + 4950, 4951, 4952, 4953, 4954, 4955, 4956, 4957, 4958, 4959, 4960, 4961, 4962, 4963, 4964, 4965, 4966, 4967, 4968, 4969, 4970, 4971, 4972, 4973, 4974, + 4975, 4976, 4977, 4978, 4979, 4980, 4981, 4982, 4983, 4984, 4985, 4986, 4987, 4988, 4989, 4990, 4991, 4992, 4993, 4994, 4995, 4996, 4997, 4998, 4999, + 5000, 5001, 5002, 5003, 5004, 5005, 5006, 5007, 5008, 5009, 5010, 5011, 5012, 5013, 5014, 5015, 5016, 5017, 5018, 5019, 5020, 5021, 5022, 5023, 5024, + 5025, 5026, 5027, 5028, 5029, 5030, 5031, 5032, 5033, 5034, 5035, 5036, 5037, 5038, 5039, 5040, 5041, 5042, 5043, 5044, 5045, 5046, 5047, 5048, 5049, + 5050, 5051, 5052, 5053, 5054, 5055, 5056, 5057, 5058, 5059, 5060, 5061, 5062, 5063, 5064, 5065, 5066, 5067, 5068, 5069, 5070, 5071, 5072, 5073, 5074, + 5075, 5076, 5077, 5078, 5079, 5080, 5081, 5082, 5083, 5084, 5085, 5086, 5087, 5088, 5089, 5090, 5091, 5092, 5093, 5094, 5095, 5096, 5097, 5098, 5099, + 5100, 5101, 5102, 5103, 5104, 5105, 5106, 5107, 5108, 5109, 5110, 5111, 5112, 5113, 5114, 5115, 5116, 5117, 5118, 5119, 5120, 5121, 5122, 5123, 5124, + 5125, 5126, 5127, 5128, 5129, 5130, 5131, 5132, 5133, 5134, 5135, 5136, 5137, 5138, 5139, 5140, 5141, 5142, 5143, 5144, 5145, 5146, 5147, 5148, 5149, + 5150, 5151, 5152, 5153, 5154, 5155, 5156, 5157, 5158, 5159, 5160, 5161, 5162, 5163, 5164, 5165, 5166, 5167, 5168, 5169, 5170, 5171, 5172, 5173, 5174, + 5175, 5176, 5177, 5178, 5179, 5180, 5181, 5182, 5183, 5184, 5185, 5186, 5187, 5188, 5189, 5190, 5191, 5192, 5193, 5194, 5195, 5196, 5197, 5198, 5199, + 5200, 5201, 5202, 5203, 5204, 5205, 5206, 5207, 5208, 5209, 5210, 5211, 5212, 5213, 5214, 5215, 5216, 5217, 5218, 5219, 5220, 5221, 5222, 5223, 5224, + 5225, 5226, 5227, 5228, 5229, 5230, 5231, 5232, 5233, 5234, 5235, 5236, 5237, 5238, 5239, 5240, 5241, 5242, 5243, 5244, 5245, 5246, 5247, 5248, 5249, + 5250, 5251, 5252, 5253, 5254, 5255, 5256, 5257, 5258, 5259, 5260, 5261, 5262, 5263, 5264, 5265, 5266, 5267, 5268, 5269, 5270, 5271, 5272, 5273, 5274, + 5275, 5276, 5277, 5278, 5279, 5280, 5281, 5282, 5283, 5284, 5285, 5286, 5287, 5288, 5289, 5290, 5291, 5292, 5293, 5294, 5295, 5296, 5297, 5298, 5299, + 5300, 5301, 5302, 5303, 5304, 5305, 5306, 5307, 5308, 5309, 5310, 5311, 5312, 5313, 5314, 5315, 5316, 5317, 5318, 5319, 5320, 5321, 5322, 5323, 5324, + 5325, 5326, 5327, 5328, 5329, 5330, 5331, 5332, 5333, 5334, 5335, 5336, 5337, 5338, 5339, 5340, 5341, 5342, 5343, 5344, 5345, 5346, 5347, 5348, 5349, + 5350, 5351, 5352, 5353, 5354, 5355, 5356, 5357, 5358, 5359, 5360, 5361, 5362, 5363, 5364, 5365, 5366, 5367, 5368, 5369, 5370, 5371, 5372, 5373, 5374, + 5375, 5376, 5377, 5378, 5379, 5380, 5381, 5382, 5383, 5384, 5385, 5386, 5387, 5388, 5389, 5390, 5391, 5392, 5393, 5394, 5395, 5396, 5397, 5398, 5399, + 5400, 5401, 5402, 5403, 5404, 5405, 5406, 5407, 5408, 5409, 5410, 5411, 5412, 5413, 5414, 5415, 5416, 5417, 5418, 5419, 5420, 5421, 5422, 5423, 5424, + 5425, 5426, 5427, 5428, 5429, 5430, 5431, 5432, 5433, 5434, 5435, 5436, 5437, 5438, 5439, 5440, 5441, 5442, 5443, 5444, 5445, 5446, 5447, 5448, 5449, + 5450, 5451, 5452, 5453, 5454, 5455, 5456, 5457, 5458, 5459, 5460, 5461, 5462, 5463, 5464, 5465, 5466, 5467, 5468, 5469, 5470, 5471, 5472, 5473, 5474, + 5475, 5476, 5477, 5478, 5479, 5480, 5481, 5482, 5483, 5484, 5485, 5486, 5487, 5488, 5489, 5490, 5491, 5492, 5493, 5494, 5495, 5496, 5497, 5498, 5499, + 5500, 5501, 5502, 5503, 5504, 5505, 5506, 5507, 5508, 5509, 5510, 5511, 5512, 5513, 5514, 5515, 5516, 5517, 5518, 5519, 5520, 5521, 5522, 5523, 5524, + 5525, 5526, 5527, 5528, 5529, 5530, 5531, 5532, 5533, 5534, 5535, 5536, 5537, 5538, 5539, 5540, 5541, 5542, 5543, 5544, 5545, 5546, 5547, 5548, 5549, + 5550, 5551, 5552, 5553, 5554, 5555, 5556, 5557, 5558, 5559, 5560, 5561, 5562, 5563, 5564, 5565, 5566, 5567, 5568, 5569, 5570, 5571, 5572, 5573, 5574, + 5575, 5576, 5577, 5578, 5579, 5580, 5581, 5582, 5583, 5584, 5585, 5586, 5587, 5588, 5589, 5590, 5591, 5592, 5593, 5594, 5595, 5596, 5597, 5598, 5599, + 5600, 5601, 5602, 5603, 5604, 5605, 5606, 5607, 5608, 5609, 5610, 5611, 5612, 5613, 5614, 5615, 5616, 5617, 5618, 5619, 5620, 5621, 5622, 5623, 5624, + 5625, 5626, 5627, 5628, 5629, 5630, 5631, 5632, 5633, 5634, 5635, 5636, 5637, 5638, 5639, 5640, 5641, 5642, 5643, 5644, 5645, 5646, 5647, 5648, 5649, + 5650, 5651, 5652, 5653, 5654, 5655, 5656, 5657, 5658, 5659, 5660, 5661, 5662, 5663, 5664, 5665, 5666, 5667, 5668, 5669, 5670, 5671, 5672, 5673, 5674, + 5675, 5676, 5677, 5678, 5679, 5680, 5681, 5682, 5683, 5684, 5685, 5686, 5687, 5688, 5689, 5690, 5691, 5692, 5693, 5694, 5695, 5696, 5697, 5698, 5699, + 5700, 5701, 5702, 5703, 5704, 5705, 5706, 5707, 5708, 5709, 5710, 5711, 5712, 5713, 5714, 5715, 5716, 5717, 5718, 5719, 5720, 5721, 5722, 5723, 5724, + 5725, 5726, 5727, 5728, 5729, 5730, 5731, 5732, 5733, 5734, 5735, 5736, 5737, 5738, 5739, 5740, 5741, 5742, 5743, 5744, 5745, 5746, 5747, 5748, 5749, + 5750, 5751, 5752, 5753, 5754, 5755, 5756, 5757, 5758, 5759, 5760, 5761, 5762, 5763, 5764, 5765, 5766, 5767, 5768, 5769, 5770, 5771, 5772, 5773, 5774, + 5775, 5776, 5777, 5778, 5779, 5780, 5781, 5782, 5783, 5784, 5785, 5786, 5787, 5788, 5789, 5790, 5791, 5792, 5793, 5794, 5795, 5796, 5797, 5798, 5799, + 5800, 5801, 5802, 5803, 5804, 5805, 5806, 5807, 5808, 5809, 5810, 5811, 5812, 5813, 5814, 5815, 5816, 5817, 5818, 5819, 5820, 5821, 5822, 5823, 5824, + 5825, 5826, 5827, 5828, 5829, 5830, 5831, 5832, 5833, 5834, 5835, 5836, 5837, 5838, 5839, 5840, 5841, 5842, 5843, 5844, 5845, 5846, 5847, 5848, 5849, + 5850, 5851, 5852, 5853, 5854, 5855, 5856, 5857, 5858, 5859, 5860, 5861, 5862, 5863, 5864, 5865, 5866, 5867, 5868, 5869, 5870, 5871, 5872, 5873, 5874, + 5875, 5876, 5877, 5878, 5879, 5880, 5881, 5882, 5883, 5884, 5885, 5886, 5887, 5888, 5889, 5890, 5891, 5892, 5893, 5894, 5895, 5896, 5897, 5898, 5899, + 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909, 5910, 5911, 5912, 5913, 5914, 5915, 5916, 5917, 5918, 5919, 5920, 5921, 5922, 5923, 5924, + 5925, 5926, 5927, 5928, 5929, 5930, 5931, 5932, 5933, 5934, 5935, 5936, 5937, 5938, 5939, 5940, 5941, 5942, 5943, 5944, 5945, 5946, 5947, 5948, 5949, + 5950, 5951, 5952, 5953, 5954, 5955, 5956, 5957, 5958, 5959, 5960, 5961, 5962, 5963, 5964, 5965, 5966, 5967, 5968, 5969, 5970, 5971, 5972, 5973, 5974, + 5975, 5976, 5977, 5978, 5979, 5980, 5981, 5982, 5983, 5984, 5985, 5986, 5987, 5988, 5989, 5990, 5991, 5992, 5993, 5994, 5995, 5996, 5997, 5998, 5999, + 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6008, 6009, 6010, 6011, 6012, 6013, 6014, 6015, 6016, 6017, 6018, 6019, 6020, 6021, 6022, 6023, 6024, + 6025, 6026, 6027, 6028, 6029, 6030, 6031, 6032, 6033, 6034, 6035, 6036, 6037, 6038, 6039, 6040, 6041, 6042, 6043, 6044, 6045, 6046, 6047, 6048, 6049, + 6050, 6051, 6052, 6053, 6054, 6055, 6056, 6057, 6058, 6059, 6060, 6061, 6062, 6063, 6064, 6065, 6066, 6067, 6068, 6069, 6070, 6071, 6072, 6073, 6074, + 6075, 6076, 6077, 6078, 6079, 6080, 6081, 6082, 6083, 6084, 6085, 6086, 6087, 6088, 6089, 6090, 6091, 6092, 6093, 6094, 6095, 6096, 6097, 6098, 6099, + 6100, 6101, 6102, 6103, 6104, 6105, 6106, 6107, 6108, 6109, 6110, 6111, 6112, 6113, 6114, 6115, 6116, 6117, 6118, 6119, 6120, 6121, 6122, 6123, 6124, + 6125, 6126, 6127, 6128, 6129, 6130, 6131, 6132, 6133, 6134, 6135, 6136, 6137, 6138, 6139, 6140, 6141, 6142, 6143, 6144, 6145, 6146, 6147, 6148, 6149, + 6150, 6151, 6152, 6153, 6154, 6155, 6156, 6157, 6158, 6159, 6160, 6161, 6162, 6163, 6164, 6165, 6166, 6167, 6168, 6169, 6170, 6171, 6172, 6173, 6174, + 6175, 6176, 6177, 6178, 6179, 6180, 6181, 6182, 6183, 6184, 6185, 6186, 6187, 6188, 6189, 6190, 6191, 6192, 6193, 6194, 6195, 6196, 6197, 6198, 6199, + 6200, 6201, 6202, 6203, 6204, 6205, 6206, 6207, 6208, 6209, 6210, 6211, 6212, 6213, 6214, 6215, 6216, 6217, 6218, 6219, 6220, 6221, 6222, 6223, 6224, + 6225, 6226, 6227, 6228, 6229, 6230, 6231, 6232, 6233, 6234, 6235, 6236, 6237, 6238, 6239, 6240, 6241, 6242, 6243, 6244, 6245, 6246, 6247, 6248, 6249, + 6250, 6251, 6252, 6253, 6254, 6255, 6256, 6257, 6258, 6259, 6260, 6261, 6262, 6263, 6264, 6265, 6266, 6267, 6268, 6269, 6270, 6271, 6272, 6273, 6274, + 6275, 6276, 6277, 6278, 6279, 6280, 6281, 6282, 6283, 6284, 6285, 6286, 6287, 6288, 6289, 6290, 6291, 6292, 6293, 6294, 6295, 6296, 6297, 6298, 6299, + 6300, 6301, 6302, 6303, 6304, 6305, 6306, 6307, 6308, 6309, 6310, 6311, 6312, 6313, 6314, 6315, 6316, 6317, 6318, 6319, 6320, 6321, 6322, 6323, 6324, + 6325, 6326, 6327, 6328, 6329, 6330, 6331, 6332, 6333, 6334, 6335, 6336, 6337, 6338, 6339, 6340, 6341, 6342, 6343, 6344, 6345, 6346, 6347, 6348, 6349, + 6350, 6351, 6352, 6353, 6354, 6355, 6356, 6357, 6358, 6359, 6360, 6361, 6362, 6363, 6364, 6365, 6366, 6367, 6368, 6369, 6370, 6371, 6372, 6373, 6374, + 6375, 6376, 6377, 6378, 6379, 6380, 6381, 6382, 6383, 6384, 6385, 6386, 6387, 6388, 6389, 6390, 6391, 6392, 6393, 6394, 6395, 6396, 6397, 6398, 6399, + 6400, 6401, 6402, 6403, 6404, 6405, 6406, 6407, 6408, 6409, 6410, 6411, 6412, 6413, 6414, 6415, 6416, 6417, 6418, 6419, 6420, 6421, 6422, 6423, 6424, + 6425, 6426, 6427, 6428, 6429, 6430, 6431, 6432, 6433, 6434, 6435, 6436, 6437, 6438, 6439, 6440, 6441, 6442, 6443, 6444, 6445, 6446, 6447, 6448, 6449, + 6450, 6451, 6452, 6453, 6454, 6455, 6456, 6457, 6458, 6459, 6460, 6461, 6462, 6463, 6464, 6465, 6466, 6467, 6468, 6469, 6470, 6471, 6472, 6473, 6474, + 6475, 6476, 6477, 6478, 6479, 6480, 6481, 6482, 6483, 6484, 6485, 6486, 6487, 6488, 6489, 6490, 6491, 6492, 6493, 6494, 6495, 6496, 6497, 6498, 6499, + 6500, 6501, 6502, 6503, 6504, 6505, 6506, 6507, 6508, 6509, 6510, 6511, 6512, 6513, 6514, 6515, 6516, 6517, 6518, 6519, 6520, 6521, 6522, 6523, 6524, + 6525, 6526, 6527, 6528, 6529, 6530, 6531, 6532, 6533, 6534, 6535, 6536, 6537, 6538, 6539, 6540, 6541, 6542, 6543, 6544, 6545, 6546, 6547, 6548, 6549, + 6550, 6551, 6552, 6553, 6554, 6555, 6556, 6557, 6558, 6559, 6560, 6561, 6562, 6563, 6564, 6565, 6566, 6567, 6568, 6569, 6570, 6571, 6572, 6573, 6574, + 6575, 6576, 6577, 6578, 6579, 6580, 6581, 6582, 6583, 6584, 6585, 6586, 6587, 6588, 6589, 6590, 6591, 6592, 6593, 6594, 6595, 6596, 6597, 6598, 6599, + 6600, 6601, 6602, 6603, 6604, 6605, 6606, 6607, 6608, 6609, 6610, 6611, 6612, 6613, 6614, 6615, 6616, 6617, 6618, 6619, 6620, 6621, 6622, 6623, 6624, + 6625, 6626, 6627, 6628, 6629, 6630, 6631, 6632, 6633, 6634, 6635, 6636, 6637, 6638, 6639, 6640, 6641, 6642, 6643, 6644, 6645, 6646, 6647, 6648, 6649, + 6650, 6651, 6652, 6653, 6654, 6655, 6656, 6657, 6658, 6659, 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6670, 6671, 6672, 6673, 6674, + 6675, 6676, 6677, 6678, 6679, 6680, 6681, 6682, 6683, 6684, 6685, 6686, 6687, 6688, 6689, 6690, 6691, 6692, 6693, 6694, 6695, 6696, 6697, 6698, 6699, + 6700, 6701, 6702, 6703, 6704, 6705, 6706, 6707, 6708, 6709, 6710, 6711, 6712, 6713, 6714, 6715, 6716, 6717, 6718, 6719, 6720, 6721, 6722, 6723, 6724, + 6725, 6726, 6727, 6728, 6729, 6730, 6731, 6732, 6733, 6734, 6735, 6736, 6737, 6738, 6739, 6740, 6741, 6742, 6743, 6744, 6745, 6746, 6747, 6748, 6749, + 6750, 6751, 6752, 6753, 6754, 6755, 6756, 6757, 6758, 6759, 6760, 6761, 6762, 6763, 6764, 6765, 6766, 6767, 6768, 6769, 6770, 6771, 6772, 6773, 6774, + 6775, 6776, 6777, 6778, 6779, 6780, 6781, 6782, 6783, 6784, 6785, 6786, 6787, 6788, 6789, 6790, 6791, 6792, 6793, 6794, 6795, 6796, 6797, 6798, 6799, + 6800, 6801, 6802, 6803, 6804, 6805, 6806, 6807, 6808, 6809, 6810, 6811, 6812, 6813, 6814, 6815, 6816, 6817, 6818, 6819, 6820, 6821, 6822, 6823, 6824, + 6825, 6826, 6827, 6828, 6829, 6830, 6831, 6832, 6833, 6834, 6835, 6836, 6837, 6838, 6839, 6840, 6841, 6842, 6843, 6844, 6845, 6846, 6847, 6848, 6849, + 6850, 6851, 6852, 6853, 6854, 6855, 6856, 6857, 6858, 6859, 6860, 6861, 6862, 6863, 6864, 6865, 6866, 6867, 6868, 6869, 6870, 6871, 6872, 6873, 6874, + 6875, 6876, 6877, 6878, 6879, 6880, 6881, 6882, 6883, 6884, 6885, 6886, 6887, 6888, 6889, 6890, 6891, 6892, 6893, 6894, 6895, 6896, 6897, 6898, 6899, + 6900, 6901, 6902, 6903, 6904, 6905, 6906, 6907, 6908, 6909, 6910, 6911, 6912, 6913, 6914, 6915, 6916, 6917, 6918, 6919, 6920, 6921, 6922, 6923, 6924, + 6925, 6926, 6927, 6928, 6929, 6930, 6931, 6932, 6933, 6934, 6935, 6936, 6937, 6938, 6939, 6940, 6941, 6942, 6943, 6944, 6945, 6946, 6947, 6948, 6949, + 6950, 6951, 6952, 6953, 6954, 6955, 6956, 6957, 6958, 6959, 6960, 6961, 6962, 6963, 6964, 6965, 6966, 6967, 6968, 6969, 6970, 6971, 6972, 6973, 6974, + 6975, 6976, 6977, 6978, 6979, 6980, 6981, 6982, 6983, 6984, 6985, 6986, 6987, 6988, 6989, 6990, 6991, 6992, 6993, 6994, 6995, 6996, 6997, 6998, 6999, + 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7007, 7008, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7017, 7018, 7019, 7020, 7021, 7022, 7023, 7024, + 7025, 7026, 7027, 7028, 7029, 7030, 7031, 7032, 7033, 7034, 7035, 7036, 7037, 7038, 7039, 7040, 7041, 7042, 7043, 7044, 7045, 7046, 7047, 7048, 7049, + 7050, 7051, 7052, 7053, 7054, 7055, 7056, 7057, 7058, 7059, 7060, 7061, 7062, 7063, 7064, 7065, 7066, 7067, 7068, 7069, 7070, 7071, 7072, 7073, 7074, + 7075, 7076, 7077, 7078, 7079, 7080, 7081, 7082, 7083, 7084, 7085, 7086, 7087, 7088, 7089, 7090, 7091, 7092, 7093, 7094, 7095, 7096, 7097, 7098, 7099, + 7100, 7101, 7102, 7103, 7104, 7105, 7106, 7107, 7108, 7109, 7110, 7111, 7112, 7113, 7114, 7115, 7116, 7117, 7118, 7119, 7120, 7121, 7122, 7123, 7124, + 7125, 7126, 7127, 7128, 7129, 7130, 7131, 7132, 7133, 7134, 7135, 7136, 7137, 7138, 7139, 7140, 7141, 7142, 7143, 7144, 7145, 7146, 7147, 7148, 7149, + 7150, 7151, 7152, 7153, 7154, 7155, 7156, 7157, 7158, 7159, 7160, 7161, 7162, 7163, 7164, 7165, 7166, 7167, 7168, 7169, 7170, 7171, 7172, 7173, 7174, + 7175, 7176, 7177, 7178, 7179, 7180, 7181, 7182, 7183, 7184, 7185, 7186, 7187, 7188, 7189, 7190, 7191, 7192, 7193, 7194, 7195, 7196, 7197, 7198, 7199, + 7200, 7201, 7202, 7203, 7204, 7205, 7206, 7207, 7208, 7209, 7210, 7211, 7212, 7213, 7214, 7215, 7216, 7217, 7218, 7219, 7220, 7221, 7222, 7223, 7224, + 7225, 7226, 7227, 7228, 7229, 7230, 7231, 7232, 7233, 7234, 7235, 7236, 7237, 7238, 7239, 7240, 7241, 7242, 7243, 7244, 7245, 7246, 7247, 7248, 7249, + 7250, 7251, 7252, 7253, 7254, 7255, 7256, 7257, 7258, 7259, 7260, 7261, 7262, 7263, 7264, 7265, 7266, 7267, 7268, 7269, 7270, 7271, 7272, 7273, 7274, + 7275, 7276, 7277, 7278, 7279, 7280, 7281, 7282, 7283, 7284, 7285, 7286, 7287, 7288, 7289, 7290, 7291, 7292, 7293, 7294, 7295, 7296, 7297, 7298, 7299, + 7300, 7301, 7302, 7303, 7304, 7305, 7306, 7307, 7308, 7309, 7310, 7311, 7312, 7313, 7314, 7315, 7316, 7317, 7318, 7319, 7320, 7321, 7322, 7323, 7324, + 7325, 7326, 7327, 7328, 7329, 7330, 7331, 7332, 7333, 7334, 7335, 7336, 7337, 7338, 7339, 7340, 7341, 7342, 7343, 7344, 7345, 7346, 7347, 7348, 7349, + 7350, 7351, 7352, 7353, 7354, 7355, 7356, 7357, 7358, 7359, 7360, 7361, 7362, 7363, 7364, 7365, 7366, 7367, 7368, 7369, 7370, 7371, 7372, 7373, 7374, + 7375, 7376, 7377, 7378, 7379, 7380, 7381, 7382, 7383, 7384, 7385, 7386, 7387, 7388, 7389, 7390, 7391, 7392, 7393, 7394, 7395, 7396, 7397, 7398, 7399, + 7400, 7401, 7402, 7403, 7404, 7405, 7406, 7407, 7408, 7409, 7410, 7411, 7412, 7413, 7414, 7415, 7416, 7417, 7418, 7419, 7420, 7421, 7422, 7423, 7424, + 7425, 7426, 7427, 7428, 7429, 7430, 7431, 7432, 7433, 7434, 7435, 7436, 7437, 7438, 7439, 7440, 7441, 7442, 7443, 7444, 7445, 7446, 7447, 7448, 7449, + 7450, 7451, 7452, 7453, 7454, 7455, 7456, 7457, 7458, 7459, 7460, 7461, 7462, 7463, 7464, 7465, 7466, 7467, 7468, 7469, 7470, 7471, 7472, 7473, 7474, + 7475, 7476, 7477, 7478, 7479, 7480, 7481, 7482, 7483, 7484, 7485, 7486, 7487, 7488, 7489, 7490, 7491, 7492, 7493, 7494, 7495, 7496, 7497, 7498, 7499, + 7500, 7501, 7502, 7503, 7504, 7505, 7506, 7507, 7508, 7509, 7510, 7511, 7512, 7513, 7514, 7515, 7516, 7517, 7518, 7519, 7520, 7521, 7522, 7523, 7524, + 7525, 7526, 7527, 7528, 7529, 7530, 7531, 7532, 7533, 7534, 7535, 7536, 7537, 7538, 7539, 7540, 7541, 7542, 7543, 7544, 7545, 7546, 7547, 7548, 7549, + 7550, 7551, 7552, 7553, 7554, 7555, 7556, 7557, 7558, 7559, 7560, 7561, 7562, 7563, 7564, 7565, 7566, 7567, 7568, 7569, 7570, 7571, 7572, 7573, 7574, + 7575, 7576, 7577, 7578, 7579, 7580, 7581, 7582, 7583, 7584, 7585, 7586, 7587, 7588, 7589, 7590, 7591, 7592, 7593, 7594, 7595, 7596, 7597, 7598, 7599, + 7600, 7601, 7602, 7603, 7604, 7605, 7606, 7607, 7608, 7609, 7610, 7611, 7612, 7613, 7614, 7615, 7616, 7617, 7618, 7619, 7620, 7621, 7622, 7623, 7624, + 7625, 7626, 7627, 7628, 7629, 7630, 7631, 7632, 7633, 7634, 7635, 7636, 7637, 7638, 7639, 7640, 7641, 7642, 7643, 7644, 7645, 7646, 7647, 7648, 7649, + 7650, 7651, 7652, 7653, 7654, 7655, 7656, 7657, 7658, 7659, 7660, 7661, 7662, 7663, 7664, 7665, 7666, 7667, 7668, 7669, 7670, 7671, 7672, 7673, 7674, + 7675, 7676, 7677, 7678, 7679, 7680, 7681, 7682, 7683, 7684, 7685, 7686, 7687, 7688, 7689, 7690, 7691, 7692, 7693, 7694, 7695, 7696, 7697, 7698, 7699, + 7700, 7701, 7702, 7703, 7704, 7705, 7706, 7707, 7708, 7709, 7710, 7711, 7712, 7713, 7714, 7715, 7716, 7717, 7718, 7719, 7720, 7721, 7722, 7723, 7724, + 7725, 7726, 7727, 7728, 7729, 7730, 7731, 7732, 7733, 7734, 7735, 7736, 7737, 7738, 7739, 7740, 7741, 7742, 7743, 7744, 7745, 7746, 7747, 7748, 7749, + 7750, 7751, 7752, 7753, 7754, 7755, 7756, 7757, 7758, 7759, 7760, 7761, 7762, 7763, 7764, 7765, 7766, 7767, 7768, 7769, 7770, 7771, 7772, 7773, 7774, + 7775, 7776, 7777, 7778, 7779, 7780, 7781, 7782, 7783, 7784, 7785, 7786, 7787, 7788, 7789, 7790, 7791, 7792, 7793, 7794, 7795, 7796, 7797, 7798, 7799, + 7800, 7801, 7802, 7803, 7804, 7805, 7806, 7807, 7808, 7809, 7810, 7811, 7812, 7813, 7814, 7815, 7816, 7817, 7818, 7819, 7820, 7821, 7822, 7823, 7824, + 7825, 7826, 7827, 7828, 7829, 7830, 7831, 7832, 7833, 7834, 7835, 7836, 7837, 7838, 7839, 7840, 7841, 7842, 7843, 7844, 7845, 7846, 7847, 7848, 7849, + 7850, 7851, 7852, 7853, 7854, 7855, 7856, 7857, 7858, 7859, 7860, 7861, 7862, 7863, 7864, 7865, 7866, 7867, 7868, 7869, 7870, 7871, 7872, 7873, 7874, + 7875, 7876, 7877, 7878, 7879, 7880, 7881, 7882, 7883, 7884, 7885, 7886, 7887, 7888, 7889, 7890, 7891, 7892, 7893, 7894, 7895, 7896, 7897, 7898, 7899, + 7900, 7901, 7902, 7903, 7904, 7905, 7906, 7907, 7908, 7909, 7910, 7911, 7912, 7913, 7914, 7915, 7916, 7917, 7918, 7919, 7920, 7921, 7922, 7923, 7924, + 7925, 7926, 7927, 7928, 7929, 7930, 7931, 7932, 7933, 7934, 7935, 7936, 7937, 7938, 7939, 7940, 7941, 7942, 7943, 7944, 7945, 7946, 7947, 7948, 7949, + 7950, 7951, 7952, 7953, 7954, 7955, 7956, 7957, 7958, 7959, 7960, 7961, 7962, 7963, 7964, 7965, 7966, 7967, 7968, 7969, 7970, 7971, 7972, 7973, 7974, + 7975, 7976, 7977, 7978, 7979, 7980, 7981, 7982, 7983, 7984, 7985, 7986, 7987, 7988, 7989, 7990, 7991, 7992, 7993, 7994, 7995, 7996, 7997, 7998, 7999, + 8000, 8001, 8002, 8003, 8004, 8005, 8006, 8007, 8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015, 8016, 8017, 8018, 8019, 8020, 8021, 8022, 8023, 8024, + 8025, 8026, 8027, 8028, 8029, 8030, 8031, 8032, 8033, 8034, 8035, 8036, 8037, 8038, 8039, 8040, 8041, 8042, 8043, 8044, 8045, 8046, 8047, 8048, 8049, + 8050, 8051, 8052, 8053, 8054, 8055, 8056, 8057, 8058, 8059, 8060, 8061, 8062, 8063, 8064, 8065, 8066, 8067, 8068, 8069, 8070, 8071, 8072, 8073, 8074, + 8075, 8076, 8077, 8078, 8079, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8092, 8093, 8094, 8095, 8096, 8097, 8098, 8099, + 8100, 8101, 8102, 8103, 8104, 8105, 8106, 8107, 8108, 8109, 8110, 8111, 8112, 8113, 8114, 8115, 8116, 8117, 8118, 8119, 8120, 8121, 8122, 8123, 8124, + 8125, 8126, 8127, 8128, 8129, 8130, 8131, 8132, 8133, 8134, 8135, 8136, 8137, 8138, 8139, 8140, 8141, 8142, 8143, 8144, 8145, 8146, 8147, 8148, 8149, + 8150, 8151, 8152, 8153, 8154, 8155, 8156, 8157, 8158, 8159, 8160, 8161, 8162, 8163, 8164, 8165, 8166, 8167, 8168, 8169, 8170, 8171, 8172, 8173, 8174, + 8175, 8176, 8177, 8178, 8179, 8180, 8181, 8182, 8183, 8184, 8185, 8186, 8187, 8188, 8189, 8190, 8191, 8192, 8193, 8194, 8195, 8196, 8197, 8198, 8199, + +}; + + + +/* Indique la taille maximale des suites d'octets recherchées. */ +size_t g_hyperscan_backend_get_atom_max_size(const GHyperscanBackend *); + +/* Inscrit dans le moteur une chaîne de caractères à rechercher. */ +static bool g_hyperscan_backend_enroll_plain_pattern(GHyperscanBackend *, const uint8_t *, size_t, uint32_t [2]); + +/* Met en ordre les derniers détails avant un premier scan. */ +static bool g_hyperscan_backend_warm_up(GHyperscanBackend *); + +/* Récupère les identifiants finaux pour un motif recherché. */ +static patid_t g_hyperscan_backend_build_plain_pattern_id(const GHyperscanBackend *, const uint32_t [2]); + +/* Détermine le nombre d'identifiants constitués. */ +static size_t g_hyperscan_backend_count_plain_pattern_ids(const GHyperscanBackend *); + +/* Informations utiles au traitement d'un événement */ +typedef struct _hyperscan_context_t +{ + const size_t *lengths; /* Nombre d'octets considérés */ + const uint32_t *coverages; /* Départ et quantité de suivis*/ + +#ifndef NDEBUG + size_t used; /* Nombre d'éléments utiles */ + const unsigned int *lit_ids; /* Identifiants internes */ +#endif + + GUMemSlice **matches; /* Zones d'enregistrements */ + +} hyperscan_context_t; + +/* Prend note d'une correspondance trouvée par Hyperscan. */ +static int handle_hyperscan_match_event(unsigned int, unsigned long long, unsigned long long, unsigned int, GScanContext *context/*const hyperscan_context_t *context*/); + +/* Parcours un contenu binaire à la recherche de motifs. */ +static void g_hyperscan_backend_run_scan(const GHyperscanBackend *, GScanContext *); + +/* Imprime quelques faits quant aux éléments mis en place. */ +static void g_hyperscan_backend_output_stats(const GHyperscanBackend *); + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLANTATION D'UNE NOUVELLE APPROCHE */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour un moteur de recherche pour données. */ +G_DEFINE_TYPE(GHyperscanBackend, g_hyperscan_backend, G_TYPE_ENGINE_BACKEND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des méthodes basée sur Hyperscan. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_class_init(GHyperscanBackendClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GEngineBackendClass *backend; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_hyperscan_backend_dispose; + object->finalize = (GObjectFinalizeFunc)g_hyperscan_backend_finalize; + + backend = G_ENGINE_BACKEND_CLASS(klass); + + backend->get_max_size = (get_backend_atom_max_size_fc)g_hyperscan_backend_get_atom_max_size; + backend->enroll_plain = (enroll_plain_into_backend_fc)g_hyperscan_backend_enroll_plain_pattern; + backend->warm_up = (warm_up_backend_fc)g_hyperscan_backend_warm_up; + backend->build_id = (build_backend_plain_pattern_id_fc)g_hyperscan_backend_build_plain_pattern_id; + backend->count_ids = (count_backend_plain_pattern_ids_fc)g_hyperscan_backend_count_plain_pattern_ids; + backend->run_scan = (run_backend_scan_fc)g_hyperscan_backend_run_scan; + backend->output = (output_backend_stats_fc)g_hyperscan_backend_output_stats; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = instance à initialiser. * +* * +* Description : Initialise une instance de méthodes basée sur Hyperscan. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_init(GHyperscanBackend *backend) +{ + backend->atoms = NULL; + backend->lengths = NULL; + backend->coverages = NULL; + backend->allocated = 0; + backend->used = 0; + + backend->database = NULL; + backend->scratch = NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_dispose(GHyperscanBackend *backend) +{ + G_OBJECT_CLASS(g_hyperscan_backend_parent_class)->dispose(G_OBJECT(backend)); + +} + + +/****************************************************************************** +* * +* Paramètres : backend = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_finalize(GHyperscanBackend *backend) +{ + if (backend->atoms != NULL) + free(backend->atoms); + + if (backend->lengths != NULL) + free(backend->lengths); + + if (backend->coverages != NULL) + free(backend->coverages); + + if (backend->scratch != NULL) + hs_free_scratch(backend->scratch); + + if (backend->database != NULL) + hs_free_database(backend->database); + + G_OBJECT_CLASS(g_hyperscan_backend_parent_class)->finalize(G_OBJECT(backend)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée une méthode de recherche avec la bibliothèque Hyperscan.* +* * +* Retour : Méthode mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GEngineBackend *g_hyperscan_backend_new(void) +{ + GHyperscanBackend *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_HYPERSCAN_BACKEND, NULL); + + return G_ENGINE_BACKEND(result); + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à consulter. * +* * +* Description : Indique la taille maximale des suites d'octets recherchées. * +* * +* Retour : Valeur strictement positive. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_hyperscan_backend_get_atom_max_size(const GHyperscanBackend *backend) +{ + size_t result; /* Taille à faire connaître */ + + result = ~0; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* plain = chaîne de caractères classique à intégrer. * +* len = taille de cette chaîne. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * +* * +* Description : Inscrit dans le moteur une chaîne de caractères à rechercher.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_hyperscan_backend_enroll_plain_pattern(GHyperscanBackend *backend, const uint8_t *plain, size_t len, uint32_t tmp_id[2]) +{ + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ + int ret; /* Bilan d'une comparaison */ + + result = true; + + /*Recherche d'un motif déjà sollicité */ + + i = backend->used; + + /* + for (i = 0; i < backend->used; i++) + { + if (backend->lengths[i] != len) + continue; + + ret = memcmp(backend->atoms[i], plain, backend->lengths[i]); + + if (ret == 0) + { + tmp_id[0] = i; + tmp_id[1] = backend->coverages[i * 2 + EXPR_COVERAGE_COUNT]; + + backend->coverages[i * 2 + EXPR_COVERAGE_COUNT]++; + break; + + } + + } + */ + + /* Introduction d'un nouveau motif au besoin */ + + if (i == backend->used) + { + if (backend->used == backend->allocated) + { + if (backend->allocated == 0) + backend->allocated = 6400; + else + backend->allocated *= 2; + + backend->atoms = realloc(backend->atoms, backend->allocated * sizeof(const uint8_t *)); + backend->lengths = realloc(backend->lengths, backend->allocated * sizeof(size_t)); + backend->coverages = realloc(backend->coverages, backend->allocated * 2 * sizeof(uint32_t)); + + } + + backend->atoms[i] = plain; + backend->lengths[i] = len; + backend->coverages[i * 2 + EXPR_COVERAGE_COUNT] = 1; + + backend->used++; + + tmp_id[0] = i; + tmp_id[1] = 0; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à préparer. * +* * +* Description : Met en ordre les derniers détails avant un premier scan. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +#include <fcntl.h> +#include "../../../../common/io.h" + +static bool g_hyperscan_backend_warm_up(GHyperscanBackend *backend) +{ + bool result; /* Bilan à retourner */ + uint32_t current_start; /* Indice de gestionnaire */ + size_t i; /* Boucle de parcours */ + hs_compile_error_t *error; /* Compléments d'information */ + hs_error_t ret; /* Code de retour */ + + hs_platform_info_t platform; + + result = false; + + /* Mise à jour de la couverture des gestionnaires de suivi */ + + current_start = 0; + + for (i = 0; i < backend->used; i++) + { + backend->coverages[i * 2 + EXPR_COVERAGE_START] = current_start; + backend->coverages[i * 2 + EXPR_COVERAGE_END] += current_start; + + current_start = backend->coverages[i * 2 + EXPR_COVERAGE_END]; + + } + + /* Enregistrement des expressions à prendre en compte */ + +#if 0 + backend->lit_ids = malloc(backend->used * sizeof(unsigned)); + + for (i = 0; i < backend->used; i++) + backend->lit_ids[i] = i; + +#else + + backend->lit_ids = __cached_ids; + +#endif + + + //hs_populate_platform(&platform); + + //platform.tune = 1; + + //platform.cpu_features = HS_CPU_FEATURES_AVX512; + +#if 0 + + ret = hs_compile_lit_multi((const char *const *)backend->atoms, NULL, backend->lit_ids, backend->lengths, + backend->used, HS_MODE_BLOCK, NULL, &backend->database, &error); + + + //printf("ret: %d -vs- %d\n", ret, HS_SUCCESS); + + if (ret != HS_SUCCESS) + { + log_variadic_message(LMT_EXT_ERROR, _("Unable to compile %zu patterns: \"%s\""), + backend->used, error->message); + printf("FAILED: %s\n", error->message); + hs_free_compile_error(error); + goto exit; + } + + do + { + char *bytes; + size_t length; + int fd; + + ret = hs_serialize_database(backend->database, &bytes, &length); + printf("ret: %d -vs- %d\n", ret, HS_SUCCESS); + + fd = open("/tmp/compiled.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600); + + safe_write(fd, bytes, length); + + close(fd); + + } + while (0); + + +#else + + char *bytes; + size_t length; + bool status; + int fd; + + length = 674216; + bytes = malloc(length); + + fd = open("/tmp/compiled.bin", O_RDONLY); + + status = safe_read(fd, bytes, length); + + close(fd); + + //printf("status: %d\n", status); + + ret = hs_deserialize_database(bytes, length, &backend->database); + //printf("ret: %d -vs- %d\n", ret, HS_SUCCESS); + + + +#endif + + + +#if 0 + do + { + //hs_platform_info_t platform; + char *__info; + + //hs_populate_platform(&platform); + + printf("TUNE: %u\n", platform.tune); + + printf("CPU: %llx - AVX2? %d - AVX512? %d\n", platform.cpu_features, + platform.cpu_features & HS_CPU_FEATURES_AVX2, + platform.cpu_features & HS_CPU_FEATURES_AVX512); + + hs_database_info(backend->database, &__info); + + printf("INFO: %s\n", __info); + + } + while (0); +#endif + + /* Création d'un espace de travail */ + + ret = hs_alloc_scratch(backend->database, &backend->scratch); + + //printf("ret: %d -vs- %d\n", ret, HS_SUCCESS); + + if (ret != HS_SUCCESS) + { + log_variadic_message(LMT_EXT_ERROR, _("Unable to allocate scratch space")); + goto exit; + } + + result = true; + + exit: + + //printf("result: %d\n", result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* tmp_id = identifiants temporaires vers le motif. [OUT] * +* * +* Description : Récupère les identifiants finaux pour un motif recherché. * +* * +* Retour : Identifiant constitué ou INVALID_PATTERN_ID en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static patid_t g_hyperscan_backend_build_plain_pattern_id(const GHyperscanBackend *backend, const uint32_t tmp_id[2]) +{ + patid_t result; /* Identifiant à retourner */ + size_t index; /* Indice reconstitué */ + + assert(tmp_id[0] < backend->used); + + index = tmp_id[0] * 2; + + result = backend->coverages[index + EXPR_COVERAGE_START] + tmp_id[1]; + + assert(result < backend->coverages[index + EXPR_COVERAGE_END]); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* * +* Description : Détermine le nombre d'identifiants constitués. * +* * +* Retour : Quantité de gestionnaires de suivi à prévoir. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static size_t g_hyperscan_backend_count_plain_pattern_ids(const GHyperscanBackend *backend) +{ + size_t result; /* Quantité à retourner */ + + if (backend->used == 0) + result = 0; + else + result = backend->coverages[(backend->used - 1) * 2 + EXPR_COVERAGE_END]; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* context = lieu d'enregistrement des résultats. * +* * +* Description : Prend note d'une correspondance trouvée par Hyperscan. * +* * +* Retour : 0 afin de poursuivre les recherches. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int handle_hyperscan_match_event(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, GScanContext *context/*const hyperscan_context_t *context*/) +{ + + g_scan_context_store_atom_match_end(context, id, to); + + return 0; + +#if 0 + + phys_t offset; /* Point de départ établi */ + const uint32_t *coverage_base; /* Base des suivis */ + uint32_t k; /* Boucle de parcours */ + uint32_t final_k; /* Dernier indice à traiter */ + + //return 0; + +#ifndef NDEBUG + assert(id < context->used); + assert(id == context->lit_ids[id]); +#endif + + offset = to - context->lengths[id]; + + coverage_base = context->coverages + id * 2; + + k = coverage_base[EXPR_COVERAGE_START]; + final_k = coverage_base[EXPR_COVERAGE_END]; + + for (; k < final_k; k++) + g_umem_slice_put_uint64(context->matches[0/*k*/], offset); + + return 0; + +#endif + +} + + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à manipuler. * +* context = lieu d'enregistrement des résultats. * +* * +* Description : Parcours un contenu binaire à la recherche de motifs. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_run_scan(const GHyperscanBackend *backend, GScanContext *context) +{ + GBinContent *content; /* Contenu binaire manipulé */ + phys_t dlen; /* Quantité de données */ + vmpa2t pos; /* Point de départ ciblé */ + const bin_t *data; /* Données à analyser */ +#ifndef NDEBUG + size_t count; /* Nombre de zones prévues */ +#endif + hyperscan_context_t hcontext; /* Rassemblement d'informations*/ + GUMemSlice **matches; /* Zones d'enregistrements */ + hs_error_t ret; /* Code de retour */ + + /* Récupération d'un accès aux données */ + + content = g_scan_context_get_content(context); + + dlen = g_binary_content_compute_size(content); + + g_binary_content_compute_start_pos(content, &pos); + data = g_binary_content_get_raw_access(content, &pos, dlen); + + /* Préparation de l'accès aux éléments utiles */ + + hcontext.lengths = backend->lengths; + hcontext.coverages = backend->coverages; + +#ifndef NDEBUG + hcontext.used = backend->used; + hcontext.lit_ids = backend->lit_ids; +#endif + + /* +#ifndef NDEBUG + matches = g_scan_context_get_match_storages(context, &count); + assert(count == backend->used); +#else + matches = g_scan_context_get_match_storages(context, (size_t []){ 0 }); +#endif + */ + matches = NULL; /* REMME */ + + hcontext.matches = matches; + + /* Lancement de l'analyse */ + + ret = hs_scan(backend->database, (const char *)data, dlen, + 0 /* Arg. inutilisé */, backend->scratch, + (match_event_handler)handle_hyperscan_match_event, /*&h*/context); + + + //printf("ret ok? %d\n", ret == HS_SUCCESS); + + + + g_object_unref(G_OBJECT(content)); + +} + + +/****************************************************************************** +* * +* Paramètres : backend = moteur de recherche à consulter. * +* * +* Description : Imprime quelques faits quant aux éléments mis en place. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_hyperscan_backend_output_stats(const GHyperscanBackend *backend) +{ + printf("TODO: %s\n", __FUNCTION__); + +} diff --git a/src/analysis/scan/patterns/backends/hyperscan.h b/src/analysis/scan/patterns/backends/hyperscan.h new file mode 100644 index 0000000..d8c0f92 --- /dev/null +++ b/src/analysis/scan/patterns/backends/hyperscan.h @@ -0,0 +1,59 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * hyperscan.h - prototypes pour la méthode de recherche basée sur la bibliothèque Hyperscan d'Intel + * + * Copyright (C) 2024 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_H +#define _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include "../backend.h" + + + +#define G_TYPE_HYPERSCAN_BACKEND g_hyperscan_backend_get_type() +#define G_HYPERSCAN_BACKEND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_HYPERSCAN_BACKEND, GHyperscanBackend)) +#define G_IS_HYPERSCAN_BACKEND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_HYPERSCAN_BACKEND)) +#define G_HYPERSCAN_BACKEND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_HYPERSCAN_BACKEND, GHyperscanBackendClass)) +#define G_IS_HYPERSCAN_BACKEND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_HYPERSCAN_BACKEND)) +#define G_HYPERSCAN_BACKEND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_HYPERSCAN_BACKEND, GHyperscanBackendClass)) + + +/* Méthode de recherche basée sur une bibliothèque d'Intel : Hyperscan (instance) */ +typedef struct _GHyperscanBackend GHyperscanBackend; + +/* Méthode de recherche basée sur une bibliothèque d'Intel : Hyperscan (classe) */ +typedef struct _GHyperscanBackendClass GHyperscanBackendClass; + + +/* Indique le type défini pour un moteur de recherche pour données. */ +GType g_hyperscan_backend_get_type(void); + +/* Crée une méthode de recherche avec la bibliothèque Hyperscan. */ +GEngineBackend *g_hyperscan_backend_new(void); + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_BACKENDS_HYPERSCAN_H */ diff --git a/src/analysis/scan/patterns/customizer-int.h b/src/analysis/scan/patterns/customizer-int.h new file mode 100644 index 0000000..9d49ab6 --- /dev/null +++ b/src/analysis/scan/patterns/customizer-int.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * customizer-int.h - prototypes internes pour la modification paramétrée d'une séquence d'octets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_CUSTOMIZER_INT_H +#define _ANALYSIS_SCAN_CUSTOMIZER_INT_H + + +#include "customizer.h" +#include "modifier-int.h" + + + +/* Encadrement de transformation paramétrée d'une séquence d'octets (instance) */ +struct _GScanTokenCustomizer +{ + GScanTokenModifier parent; /* A laisser en premier */ + + GScanTokenModifier *effective; /* Modificateur effectif */ + + modifier_arg_t *args; /* Paramètres de transformation*/ + size_t count; /* Quantité de ces paramètres */ + +}; + +/* Encadrement de transformation paramétrée d'une séquence d'octets (classe) */ +struct _GScanTokenCustomizerClass +{ + GScanTokenModifierClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un encadrement de transformation de motifs. */ +bool g_scan_token_customizer_create(GScanTokenCustomizer *, const modifier_arg_t *); + + + +#endif /* _ANALYSIS_SCAN_CUSTOMIZER_INT_H */ diff --git a/src/analysis/scan/patterns/customizer.c b/src/analysis/scan/patterns/customizer.c new file mode 100644 index 0000000..9659957 --- /dev/null +++ b/src/analysis/scan/patterns/customizer.c @@ -0,0 +1,377 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * customizer.c - modification paramétrée d'une séquence d'octets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "customizer.h" + + +#include <malloc.h> + + +#include "customizer-int.h" + + + +/* --------------------- TRANSFORMATION PERSONNALISEE DE MOTIFS --------------------- */ + + +/* Initialise la classe des transformations paramétrée. */ +static void g_scan_token_customizer_class_init(GScanTokenCustomizerClass *); + +/* Initialise une instance de transformation paramétrée. */ +static void g_scan_token_customizer_init(GScanTokenCustomizer *); + +/* Supprime toutes les références externes. */ +static void g_scan_token_customizer_dispose(GScanTokenCustomizer *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_token_customizer_finalize(GScanTokenCustomizer *); + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_token_customizer_get_name(const GScanTokenCustomizer *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_token_customizer_transform(const GScanTokenCustomizer *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* TRANSFORMATION PERSONNALISEE DE MOTIFS */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transformation personnalisée d'une séquence d'octets. */ +G_DEFINE_TYPE(GScanTokenCustomizer, g_scan_token_customizer, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transformations paramétrée. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_customizer_class_init(GScanTokenCustomizerClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_token_customizer_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_token_customizer_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_token_customizer_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_token_customizer_transform; + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = instance à initialiser. * +* * +* Description : Initialise une instance de transformation paramétrée. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_customizer_init(GScanTokenCustomizer *customizer) +{ + customizer->effective = NULL; + + customizer->args = NULL; + customizer->count = 0; + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_customizer_dispose(GScanTokenCustomizer *customizer) +{ + g_clear_object(&customizer->effective); + + G_OBJECT_CLASS(g_scan_token_customizer_parent_class)->dispose(G_OBJECT(customizer)); + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_customizer_finalize(GScanTokenCustomizer *customizer) +{ + size_t i; /* Boucle de parcours */ + + for (i = 0; i < customizer->count; i++) + exit_mod_arg(&customizer->args[i]); + + if (customizer->args != NULL) + free(customizer->args); + + G_OBJECT_CLASS(g_scan_token_customizer_parent_class)->finalize(G_OBJECT(customizer)); + +} + + +/****************************************************************************** +* * +* Paramètres : arg = premier argument pour personnaliser l'opération. * +* * +* Description : Construit un encadrement de transformation de motifs. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_token_customizer_new(const modifier_arg_t *arg) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_TOKEN_CUSTOMIZER, NULL); + + if (!g_scan_token_customizer_create(G_SCAN_TOKEN_CUSTOMIZER(result), arg)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = encadrement de motif à initialiser pleinement. * +* arg = premier argument pour personnaliser l'opération.* +* * +* Description : Met en place un encadrement de transformation de motifs. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_token_customizer_create(GScanTokenCustomizer *customizer, const modifier_arg_t *arg) +{ + g_scan_token_customizer_add_extra_arg(customizer, arg); + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = encadrement de motif à compléter. * +* arg = nouvel argument pour personnaliser l'opération. * +* * +* Description : Ajoute un argument à l'encadrement de transformation. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_token_customizer_add_extra_arg(GScanTokenCustomizer *customizer, const modifier_arg_t *arg) +{ + customizer->args = realloc(customizer->args, ++customizer->count * sizeof(modifier_arg_t)); + + copy_mod_arg(&customizer->args[customizer->count - 1], arg); + +} + + +/****************************************************************************** +* * +* Paramètres : customizer = encadrement de motif à compléter. * +* modifier = modificateur de motifs à employer en sous-main. * +* * +* Description : Définit le transformateur effectif pour les motifs. * +* * +* Retour : true si le motificateur accepte les arguments courants. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_token_customizer_attach_modifier(GScanTokenCustomizer *customizer, GScanTokenModifier *modifier) +{ + bool result; /* Validation à retourner */ + size_t i; /* Boucle de parcours */ + + result = true; + + for (i = 0; i < customizer->count && result; i++) + result = g_scan_token_modifier_can_handle_arg(modifier, &customizer->args[i]); + + if (!result) goto exit; + + customizer->effective = modifier; + g_object_ref(G_OBJECT(modifier)); + + exit: + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_token_customizer_get_name(const GScanTokenCustomizer *modifier) +{ + char *result; /* Désignation à retourner */ + + if (modifier->effective == NULL) + result = NULL; + + else + result = g_scan_token_modifier_get_name(modifier->effective); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_customizer_transform(const GScanTokenCustomizer *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + size_t i; /* Boucle de parcours #1 */ + sized_binary_t *extra; /* Motifs supplémentaires */ + size_t extra_count; /* Quantité de ces motifs */ + size_t old_dcount; /* Mémorisation avant avancées */ + sized_binary_t *new; /* Nouvel emplacement libre */ + size_t k; /* Boucle de parcours #2 */ + + *dest = NULL; + *dcount = 0; + + for (i = 0; i < modifier->count; i++) + { + result = g_scan_token_modifier_transform_with_arg(modifier->effective, + src, scount, + &modifier->args[i], + &extra, &extra_count); + if (!result) goto exit; + + old_dcount = *dcount; + + *dcount += extra_count; + *dest = realloc(*dest, *dcount * sizeof(sized_binary_t)); + + new = (*dest) + old_dcount; + + for (k = 0; k < extra_count; k++, new++) + copy_szstr(*new, extra[k]); + + free(extra); + + } + + exit: + + if (!result) + { + for (i = 0; i < *dcount; i++) + exit_szstr(dest[i]); + + if (*dest != NULL) + free(*dest); + + *dest = NULL; + *dcount = 0; + + } + + return result; + +} diff --git a/src/analysis/scan/patterns/customizer.h b/src/analysis/scan/patterns/customizer.h new file mode 100644 index 0000000..845d9ff --- /dev/null +++ b/src/analysis/scan/patterns/customizer.h @@ -0,0 +1,65 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * customizer.h - prototypes pour la modification paramétrée d'une séquence d'octets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_CUSTOMIZER_H +#define _ANALYSIS_SCAN_CUSTOMIZER_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include "modifier.h" + + + +#define G_TYPE_SCAN_TOKEN_CUSTOMIZER g_scan_token_customizer_get_type() +#define G_SCAN_TOKEN_CUSTOMIZER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_TOKEN_CUSTOMIZER, GScanTokenCustomizer)) +#define G_IS_SCAN_TOKEN_CUSTOMIZER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_TOKEN_CUSTOMIZER)) +#define G_SCAN_TOKEN_CUSTOMIZER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_TOKEN_CUSTOMIZER, GScanTokenCustomizerClass)) +#define G_IS_SCAN_TOKEN_CUSTOMIZER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_TOKEN_CUSTOMIZER)) +#define G_SCAN_TOKEN_CUSTOMIZER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_TOKEN_CUSTOMIZER, GScanTokenCustomizerClass)) + + +/* Encadrement de transformation paramétrée d'une séquence d'octets (instance) */ +typedef struct _GScanTokenCustomizer GScanTokenCustomizer; + +/* Encadrement de transformation paramétrée d'une séquence d'octets (classe) */ +typedef struct _GScanTokenCustomizerClass GScanTokenCustomizerClass; + + +/* Indique le type défini pour une transformation personnalisée d'une séquence d'octets. */ +GType g_scan_token_customizer_get_type(void); + +/* Construit un encadrement de transformation de motifs. */ +GScanTokenModifier *g_scan_token_customizer_new(const modifier_arg_t *); + +/* Ajoute un argument à l'encadrement de transformation. */ +void g_scan_token_customizer_add_extra_arg(GScanTokenCustomizer *, const modifier_arg_t *); + +/* Définit le transformateur effectif pour les motifs. */ +bool g_scan_token_customizer_attach_modifier(GScanTokenCustomizer *, GScanTokenModifier *); + + + +#endif /* _ANALYSIS_SCAN_CUSTOMIZER_H */ diff --git a/src/analysis/scan/patterns/modarg.h b/src/analysis/scan/patterns/modarg.h new file mode 100644 index 0000000..d96e137 --- /dev/null +++ b/src/analysis/scan/patterns/modarg.h @@ -0,0 +1,91 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * modarg.h - prototypes pour la conservation d'arguments pour modificateurs + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_MODARG_H +#define _ANALYSIS_SCAN_MODARG_H + + +#include <stdbool.h> + + +#include "../../../common/szstr.h" + + + +/* Types d'arguments pris en charge */ +typedef enum _ModifierArgType +{ + MAT_BOOLEAN, /* Valeur booléenne */ + MAT_SIGNED_INTEGER, /* Nombre entier 64 bits #1 */ + MAT_UNSIGNED_INTEGER, /* Nombre entier 64 bits #2 */ + MAT_STRING, /* Chaîne de caractères */ + MAT_RANGE, /* Séquence d'entiers */ + +} ModifierArgType; + +/* Argument pour modificateur de motif */ +typedef struct _modifier_arg_t +{ + ModifierArgType type; /* Type de valeur portée */ + + union + { + bool boolean; /* Valeur booléenne */ + long long s_integer; /* Valeur entière 64 bits */ + unsigned long long u_integer; /* Valeur entière 64 bits */ + sized_string_t string; /* Chaîne de caractères */ + + struct + { + long long start; /* Point de départ */ + long long end; /* Point d'arrivée */ + + } range; + + } value; + +} modifier_arg_t; + + +#define exit_mod_arg(a) \ + do \ + { \ + if ((a)->type == MAT_STRING) \ + exit_szstr(&(a)->value.string); \ + } \ + while (0) + +#define copy_mod_arg(d, s) \ + do \ + { \ + (d)->type = (s)->type; \ + if ((s)->type == MAT_STRING) \ + szstrdup(&(d)->value.string, &(s)->value.string); \ + else \ + *(d) = *(s); \ + } \ + while (0) + + + +#endif /* _ANALYSIS_SCAN_MODARG_H */ diff --git a/src/analysis/scan/patterns/modifier-int.h b/src/analysis/scan/patterns/modifier-int.h index 246c139..c9b3a36 100644 --- a/src/analysis/scan/patterns/modifier-int.h +++ b/src/analysis/scan/patterns/modifier-int.h @@ -33,7 +33,16 @@ typedef char * (* get_scan_modifier_name_fc) (const GScanTokenModifier *); /* Transforme une séquence d'octets pour motif de recherche. */ -typedef bool (* transform_scan_token_fc) (const GScanTokenModifier *, const sized_binary_t *, sized_binary_t **, size_t *); +typedef bool (* transform_scan_token_fc) (const GScanTokenModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Détermine si un argument est bien toléré par un modificateur. */ +typedef bool (* can_token_modifier_handle_arg) (const GScanTokenModifier *, const modifier_arg_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +typedef bool (* transform_scan_token_with_fc) (const GScanTokenModifier *, const sized_binary_t *, size_t, const modifier_arg_t *, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +typedef char * (* get_modifier_path) (const GScanTokenModifier *, size_t *); /* Transformation d'une séquence d'octets en une ou plusieurs autres formes (instance) */ @@ -51,6 +60,9 @@ struct _GScanTokenModifierClass get_scan_modifier_name_fc get_name; /* Fourniture du nom d'appel */ transform_scan_token_fc transform; /* Opération de transformation */ + can_token_modifier_handle_arg can_handle; /* Support d'argument donné */ + transform_scan_token_with_fc transform_with; /* Opération encadrée */ + get_modifier_path get_path; /* Rappel d'une combinaison */ }; diff --git a/src/analysis/scan/patterns/modifier.c b/src/analysis/scan/patterns/modifier.c index 77d8bfd..9efd404 100644 --- a/src/analysis/scan/patterns/modifier.c +++ b/src/analysis/scan/patterns/modifier.c @@ -155,9 +155,10 @@ char *g_scan_token_modifier_get_name(const GScanTokenModifier *modifier) /****************************************************************************** * * * Paramètres : modifier = modificateur à solliciter. * -* src = séquence d'octets à traiter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * * dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * -* count = quantité de ces séquences. * +* dcount = quantité de ces séquences. * * * * Description : Transforme une séquence d'octets pour motif de recherche. * * * @@ -167,14 +168,110 @@ char *g_scan_token_modifier_get_name(const GScanTokenModifier *modifier) * * ******************************************************************************/ -bool g_scan_token_modifier_transform(const GScanTokenModifier *modifier, const sized_binary_t *src, sized_binary_t **dest, size_t *count) +bool g_scan_token_modifier_transform(const GScanTokenModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) { bool result; /* Bilan d'opération à renvoyer*/ GScanTokenModifierClass *class; /* Classe à activer */ class = G_SCAN_TOKEN_MODIFIER_GET_CLASS(modifier); - result = class->transform(modifier, src, dest, count); + result = class->transform(modifier, src, scount, dest, dcount); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* arg = argument de personnalisation. * +* * +* Description : Détermine si un argument est bien toléré par un modificateur.* +* * +* Retour : Bilan de la consultation : support ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_token_modifier_can_handle_arg(const GScanTokenModifier *modifier, const modifier_arg_t *arg) +{ + bool result; /* Bilan d'opération à renvoyer*/ + GScanTokenModifierClass *class; /* Classe à activer */ + + class = G_SCAN_TOKEN_MODIFIER_GET_CLASS(modifier); + + if (class->can_handle == NULL) + result = false; + else + result = class->can_handle(modifier, arg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* arg = argument de personnalisation. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_token_modifier_transform_with_arg(const GScanTokenModifier *modifier, const sized_binary_t *src, size_t scount, const modifier_arg_t *arg, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + GScanTokenModifierClass *class; /* Classe à activer */ + + result = false; + + if (!g_scan_token_modifier_can_handle_arg(modifier, arg)) + goto exit; + + class = G_SCAN_TOKEN_MODIFIER_GET_CLASS(modifier); + + if (class->transform_with != NULL) + result = class->transform_with(modifier, src, scount, arg, dest, dcount); + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *g_scan_token_modifier_get_path(const GScanTokenModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + GScanTokenModifierClass *class; /* Classe à activer */ + + class = G_SCAN_TOKEN_MODIFIER_GET_CLASS(modifier); + + result = class->get_path(modifier, index); return result; diff --git a/src/analysis/scan/patterns/modifier.h b/src/analysis/scan/patterns/modifier.h index a195ca8..9030a72 100644 --- a/src/analysis/scan/patterns/modifier.h +++ b/src/analysis/scan/patterns/modifier.h @@ -29,6 +29,8 @@ #include <stdbool.h> + +#include "modarg.h" #include "../../../common/szstr.h" @@ -55,7 +57,16 @@ GType g_scan_token_modifier_get_type(void); char *g_scan_token_modifier_get_name(const GScanTokenModifier *); /* Transforme une séquence d'octets pour motif de recherche. */ -bool g_scan_token_modifier_transform(const GScanTokenModifier *, const sized_binary_t *, sized_binary_t **, size_t *); +bool g_scan_token_modifier_transform(const GScanTokenModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Détermine si un argument est bien toléré par un modificateur. */ +bool g_scan_token_modifier_can_handle_arg(const GScanTokenModifier *, const modifier_arg_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +bool g_scan_token_modifier_transform_with_arg(const GScanTokenModifier *, const sized_binary_t *, size_t, const modifier_arg_t *, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +char *g_scan_token_modifier_get_path(const GScanTokenModifier *, size_t *); diff --git a/src/analysis/scan/patterns/modifiers/Makefile.am b/src/analysis/scan/patterns/modifiers/Makefile.am index fe5263c..da046b9 100644 --- a/src/analysis/scan/patterns/modifiers/Makefile.am +++ b/src/analysis/scan/patterns/modifiers/Makefile.am @@ -6,8 +6,14 @@ libanalysisscanpatternsmodifiers_la_SOURCES = \ hex.h hex.c \ list-int.h \ list.h list.c \ + lower.h lower.c \ + pipe-int.h \ + pipe.h pipe.c \ plain.h plain.c \ - rev.h rev.c + rev.h rev.c \ + upper.h upper.c \ + wide.h wide.c \ + xor.h xor.c libanalysisscanpatternsmodifiers_la_CFLAGS = $(LIBGOBJ_CFLAGS) diff --git a/src/analysis/scan/patterns/modifiers/hex.c b/src/analysis/scan/patterns/modifiers/hex.c index cf1583c..4a41c7d 100644 --- a/src/analysis/scan/patterns/modifiers/hex.c +++ b/src/analysis/scan/patterns/modifiers/hex.c @@ -56,7 +56,10 @@ static void g_scan_hex_modifier_finalize(GScanHexModifier *); static char *g_scan_hex_modifier_get_name(const GScanHexModifier *); /* Transforme une séquence d'octets pour motif de recherche. */ -static bool g_scan_hex_modifier_transform(const GScanHexModifier *, const sized_binary_t *, sized_binary_t **, size_t *); +static bool g_scan_hex_modifier_transform(const GScanHexModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_hex_modifier_get_path(const GScanHexModifier *, size_t *); @@ -96,6 +99,7 @@ static void g_scan_hex_modifier_class_init(GScanHexModifierClass *klass) modifier->get_name = (get_scan_modifier_name_fc)g_scan_hex_modifier_get_name; modifier->transform = (transform_scan_token_fc)g_scan_hex_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_hex_modifier_get_path; } @@ -211,9 +215,10 @@ static char *g_scan_hex_modifier_get_name(const GScanHexModifier *modifier) /****************************************************************************** * * * Paramètres : modifier = modificateur à solliciter. * -* src = séquence d'octets à traiter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * * dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * -* count = quantité de ces séquences. * +* dcount = quantité de ces séquences. * * * * Description : Transforme une séquence d'octets pour motif de recherche. * * * @@ -223,30 +228,69 @@ static char *g_scan_hex_modifier_get_name(const GScanHexModifier *modifier) * * ******************************************************************************/ -static bool g_scan_hex_modifier_transform(const GScanHexModifier *modifier, const sized_binary_t *src, sized_binary_t **dest, size_t *count) +static bool g_scan_hex_modifier_transform(const GScanHexModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) { bool result; /* Bilan d'opération à renvoyer*/ sized_binary_t *binary; /* Raccourci vers le stockage */ - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ static char *alphabet = "0123456789abcdef"; result = true; - *dest = malloc(1 * sizeof(sized_binary_t)); - *count = 1; + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); binary = &(*dest)[0]; - binary->len = src->len * 2; - binary->data = malloc(binary->len); + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len * 2; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + { + binary->data[k * 2 + 0] = alphabet[_src->data[k] >> 4]; + binary->data[k * 2 + 1] = alphabet[_src->data[k] & 0xf]; + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ - for (i = 0; i < src->len; i++) +static char *g_scan_hex_modifier_get_path(const GScanHexModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) { - binary->data[i * 2 + 0] = alphabet[src->data[i] >> 4]; - binary->data[i * 2 + 1] = alphabet[src->data[i] & 0xf]; + result = NULL; + (*index)--; } + else + result = strdup("hex"); + return result; } diff --git a/src/analysis/scan/patterns/modifiers/list.c b/src/analysis/scan/patterns/modifiers/list.c index 141fa54..86fd19f 100644 --- a/src/analysis/scan/patterns/modifiers/list.c +++ b/src/analysis/scan/patterns/modifiers/list.c @@ -56,7 +56,10 @@ static void g_scan_modifier_list_finalize(GScanModifierList *); static char *g_scan_modifier_list_get_name(const GScanModifierList *); /* Transforme une séquence d'octets pour motif de recherche. */ -static bool g_scan_modifier_list_transform(const GScanModifierList *, const sized_binary_t *, sized_binary_t **, size_t *); +static bool g_scan_modifier_list_transform(const GScanModifierList *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_modifier_list_get_path(const GScanModifierList *, size_t *); @@ -96,6 +99,7 @@ static void g_scan_modifier_list_class_init(GScanModifierListClass *klass) modifier->get_name = (get_scan_modifier_name_fc)g_scan_modifier_list_get_name; modifier->transform = (transform_scan_token_fc)g_scan_modifier_list_transform; + modifier->get_path = (get_modifier_path)g_scan_modifier_list_get_path; } @@ -235,9 +239,9 @@ bool g_scan_modifier_list_add(GScanModifierList *list, GScanTokenModifier *modif } - } + free(name); - free(name); + } if (!result) goto done; @@ -344,9 +348,10 @@ static char *g_scan_modifier_list_get_name(const GScanModifierList *modifier) /****************************************************************************** * * * Paramètres : modifier = modificateur à solliciter. * -* src = séquence d'octets à traiter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * * dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * -* count = quantité de ces séquences. * +* dcount = quantité de ces séquences. * * * * Description : Transforme une séquence d'octets pour motif de recherche. * * * @@ -356,7 +361,7 @@ static char *g_scan_modifier_list_get_name(const GScanModifierList *modifier) * * ******************************************************************************/ -static bool g_scan_modifier_list_transform(const GScanModifierList *modifier, const sized_binary_t *src, sized_binary_t **dest, size_t *count) +static bool g_scan_modifier_list_transform(const GScanModifierList *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) { bool result; /* Bilan d'opération à renvoyer*/ size_t i; /* Boucle de parcours #1 */ @@ -366,17 +371,17 @@ static bool g_scan_modifier_list_transform(const GScanModifierList *modifier, co size_t k; /* Boucle de parcours #2 */ *dest = NULL; - *count = 0; + *dcount = 0; for (i = 0; i < modifier->count; i++) { - result = g_scan_token_modifier_transform(modifier->modifiers[i], src, &extra, &extra_count); + result = g_scan_token_modifier_transform(modifier->modifiers[i], src, scount, &extra, &extra_count); if (!result) goto exit; - new = (*dest) + *count; + *dcount += extra_count; + *dest = realloc(*dest, *dcount * sizeof(sized_binary_t)); - *count += extra_count; - *dest = realloc(*dest, *count * sizeof(sized_binary_t)); + new = (*dest) + *dcount - extra_count; for (k = 0; k < extra_count; k++, new++) copy_szstr(*new, extra[k]); @@ -389,17 +394,45 @@ static bool g_scan_modifier_list_transform(const GScanModifierList *modifier, co if (!result) { - for (i = 0; i < *count; i++) + for (i = 0; i < *dcount; i++) exit_szstr(dest[i]); if (*dest != NULL) free(*dest); *dest = NULL; - *count = 0; + *dcount = 0; } return result; } + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_modifier_list_get_path(const GScanModifierList *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = NULL; + + for (i = 0; i < modifier->count && result == NULL; i++) + result = g_scan_token_modifier_get_path(modifier->modifiers[i], index); + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/lower.c b/src/analysis/scan/patterns/modifiers/lower.c new file mode 100644 index 0000000..3904c52 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/lower.c @@ -0,0 +1,301 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * lower.c - transformation d'une séquence d'octets par passage en minuscules + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "lower.h" + + +#include <malloc.h> +#include <string.h> + + +#include "../modifier-int.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en minuscules. */ +static void g_scan_lower_modifier_class_init(GScanLowerModifierClass *klass); + +/* Initialise une instance de transmission en minuscules. */ +static void g_scan_lower_modifier_init(GScanLowerModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_lower_modifier_dispose(GScanLowerModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_lower_modifier_finalize(GScanLowerModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_lower_modifier_get_name(const GScanLowerModifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_lower_modifier_transform(const GScanLowerModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_lower_modifier_get_path(const GScanLowerModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transformation par bascule en minuscules. */ +G_DEFINE_TYPE(GScanLowerModifier, g_scan_lower_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en minuscules. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_lower_modifier_class_init(GScanLowerModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_lower_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_lower_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_lower_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_lower_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_lower_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en minuscules. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_lower_modifier_init(GScanLowerModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_lower_modifier_dispose(GScanLowerModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_lower_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_lower_modifier_finalize(GScanLowerModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_lower_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des octets en minuscules. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_lower_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_LOWER_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_lower_modifier_get_name(const GScanLowerModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("lower"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_lower_modifier_transform(const GScanLowerModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ + + result = true; + + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + switch (_src->data[k]) + { + case 'A' ... 'Z': + binary->data[k] = _src->data[k] + 0x20; + break; + + default: + binary->data[k] = _src->data[k]; + break; + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_lower_modifier_get_path(const GScanLowerModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("lower"); + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/lower.h b/src/analysis/scan/patterns/modifiers/lower.h new file mode 100644 index 0000000..d361340 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/lower.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * lower.h - prototypes pour la transformation d'une séquence d'octets par passage en minuscules + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_MODIFIERS_LOWER_H +#define _ANALYSIS_SCAN_PATTERNS_MODIFIERS_LOWER_H + + +#include <glib-object.h> + + +#include "../modifier.h" + + + +#define G_TYPE_SCAN_LOWER_MODIFIER g_scan_lower_modifier_get_type() +#define G_SCAN_LOWER_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_LOWER_MODIFIER, GScanLowerModifier)) +#define G_IS_SCAN_LOWER_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_LOWER_MODIFIER)) +#define G_SCAN_LOWER_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_LOWER_MODIFIER, GScanLowerModifierClass)) +#define G_IS_SCAN_LOWER_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_LOWER_MODIFIER)) +#define G_SCAN_LOWER_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_LOWER_MODIFIER, GScanLowerModifierClass)) + + +/* Transformation d'une séquence d'octets par passage en minuscules (instance) */ +typedef GScanTokenModifier GScanLowerModifier; + +/* Transformation d'une séquence d'octets par passage en minuscules (classe) */ +typedef GScanTokenModifierClass GScanLowerModifierClass; + + +/* Indique le type défini pour une transformation par bascule en minuscules. */ +GType g_scan_lower_modifier_get_type(void); + +/* Construit un modificateur livrant des octets en minuscules. */ +GScanTokenModifier *g_scan_lower_modifier_new(void); + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_MODIFIERS_LOWER_H */ diff --git a/src/analysis/scan/exprs/counter-int.h b/src/analysis/scan/patterns/modifiers/pipe-int.h index 8c5e56b..63c4d97 100644 --- a/src/analysis/scan/exprs/counter-int.h +++ b/src/analysis/scan/patterns/modifiers/pipe-int.h @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * counter-int.h - prototypes internes pour le décompte de correspondances identifiées dans du contenu binaire + * pipe-int.h - prototypes internes pour la gestion de combinaisons de transformateurs * * Copyright (C) 2023 Cyrille Bagard * @@ -21,37 +21,34 @@ */ -#ifndef _ANALYSIS_SCAN_EXPRS_COUNTER_INT_H -#define _ANALYSIS_SCAN_EXPRS_COUNTER_INT_H +#ifndef _ANALYSIS_SCAN_MODIFIERS_PIPE_INT_H +#define _ANALYSIS_SCAN_MODIFIERS_PIPE_INT_H -#include "counter.h" +#include "pipe.h" -#include "../expr-int.h" +#include "../modifier-int.h" -/* Décompte des identifications de motifs (instance) */ -struct _GScanMatchCounter +/* Enchainement combinatoire de transformations d'octets (instance) */ +struct _GScanModifierPipe { - GScanExpression parent; /* A laisser en premier */ + GScanTokenModifier parent; /* A laisser en premier */ - GSearchPattern *pattern; /* Motif associé */ + GScanTokenModifier **modifiers; /* Pipee de transformateurs */ + size_t count; /* Taille de cette pipee */ }; -/* Décompte des identifications de motifs (classe) */ -struct _GScanMatchCounterClass +/* Enchainement combinatoire de transformations d'octets (classe) */ +struct _GScanModifierPipeClass { - GScanExpressionClass parent; /* A laisser en premier */ + GScanTokenModifierClass parent; /* A laisser en premier */ }; -/* Met en place un compteur de correspondances. */ -bool g_scan_match_counter_create(GScanMatchCounter *, GSearchPattern *); - - -#endif /* _ANALYSIS_SCAN_EXPRS_COUNTER_INT_H */ +#endif /* _ANALYSIS_SCAN_MODIFIERS_PIPE_INT_H */ diff --git a/src/analysis/scan/patterns/modifiers/pipe.c b/src/analysis/scan/patterns/modifiers/pipe.c new file mode 100644 index 0000000..7c659ea --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/pipe.c @@ -0,0 +1,405 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pipe.c - gestion de combinaisons de transformateurs + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "pipe.h" + + +#include <assert.h> +#include <malloc.h> + + +#include "pipe-int.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des pipee de transformations d'octets. */ +static void g_scan_modifier_pipe_class_init(GScanModifierPipeClass *); + +/* Initialise une instance de pipee de transformations d'octets. */ +static void g_scan_modifier_pipe_init(GScanModifierPipe *); + +/* Supprime toutes les références externes. */ +static void g_scan_modifier_pipe_dispose(GScanModifierPipe *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_modifier_pipe_finalize(GScanModifierPipe *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_modifier_pipe_get_name(const GScanModifierPipe *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_modifier_pipe_transform(const GScanModifierPipe *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_modifier_pipe_get_path(const GScanModifierPipe *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une série de transformations d'octets. */ +G_DEFINE_TYPE(GScanModifierPipe, g_scan_modifier_pipe, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des pipee de transformations d'octets. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modifier_pipe_class_init(GScanModifierPipeClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_modifier_pipe_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_modifier_pipe_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_modifier_pipe_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_modifier_pipe_transform; + modifier->get_path = (get_modifier_path)g_scan_modifier_pipe_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = instance à initialiser. * +* * +* Description : Initialise une instance de pipee de transformations d'octets.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modifier_pipe_init(GScanModifierPipe *pipe) +{ + pipe->modifiers = NULL; + pipe->count = 0; + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modifier_pipe_dispose(GScanModifierPipe *pipe) +{ + size_t i; /* Boucle de parcours */ + + for (i = 0; i < pipe->count; i++) + g_clear_object(&pipe->modifiers[i]); + + G_OBJECT_CLASS(g_scan_modifier_pipe_parent_class)->dispose(G_OBJECT(pipe)); + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_modifier_pipe_finalize(GScanModifierPipe *pipe) +{ + if (pipe->modifiers != NULL) + free(pipe->modifiers); + + G_OBJECT_CLASS(g_scan_modifier_pipe_parent_class)->finalize(G_OBJECT(pipe)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit une pipee de modificateurs d'octets. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_modifier_pipe_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_MODIFIER_PIPE, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = pipee de modificateurs à étendre. * +* modifier = modificateur à intégrer. * +* * +* Description : Intègre un nouveau transformateur à enchaîner. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_modifier_pipe_add(GScanModifierPipe *pipe, GScanTokenModifier *modifier) +{ + pipe->modifiers = realloc(pipe->modifiers, ++pipe->count * sizeof(GScanTokenModifier *)); + + pipe->modifiers[pipe->count - 1] = modifier; + g_object_ref(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = série à consulter. * +* * +* Description : Indique le nombre de transformateurs intégrés dans la série. * +* * +* Retour : Nombre de modificateurs représentés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_scan_modifier_pipe_count(const GScanModifierPipe *pipe) +{ + size_t result; /* Quantité à retourner */ + + result = pipe->count; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : pipe = série à consulter. * +* index = indice du paramètre à retourner. * +* * +* Description : Fournit un transformateur donné de la série. * +* * +* Retour : Modificateur inclus dans la pipee ou NULL si mauvais indice. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_modifier_pipe_get(const GScanModifierPipe *pipe, size_t index) +{ + GScanTokenModifier *result; /* Instance à retourner */ + + assert(index < pipe->count); + + if (index < pipe->count) + { + result = pipe->modifiers[index]; + g_object_ref(G_OBJECT(result)); + } + + else + result = NULL; + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_modifier_pipe_get_name(const GScanModifierPipe *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("(pipe)"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_modifier_pipe_transform(const GScanModifierPipe *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + size_t i; /* Boucle de parcours #1 */ + sized_binary_t *tmp_in; /* Motifs supplémentaires */ + size_t tmp_in_count; /* Quantité de ces motifs */ + sized_binary_t *tmp_out; /* Motifs supplémentaires */ + size_t tmp_out_count; /* Quantité de ces motifs */ + size_t k; /* Boucle de parcours #2 */ + + for (i = 0; i < modifier->count; i++) + { + if (i == 0) + result = g_scan_token_modifier_transform(modifier->modifiers[i], + src, scount, &tmp_out, &tmp_out_count); + + else + { + tmp_in = tmp_out; + tmp_in_count = tmp_out_count; + + result = g_scan_token_modifier_transform(modifier->modifiers[i], + tmp_in, tmp_in_count, &tmp_out, &tmp_out_count); + + for (k = 0; k < tmp_in_count; k++) + exit_szstr(&tmp_in[k]); + + if (tmp_in != NULL) + free(tmp_in); + + } + + if (!result) + break; + + } + + if (!result) + { + for (k = 0; k < tmp_out_count; k++) + exit_szstr(&tmp_out[k]); + + if (tmp_out != NULL) + free(tmp_out); + + *dest = NULL; + *dcount = 0; + + } + else + { + *dcount += tmp_out_count; + *dest = tmp_out; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_modifier_pipe_get_path(const GScanModifierPipe *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = NULL; + + for (i = 0; i < modifier->count && result == NULL; i++) + result = g_scan_token_modifier_get_path(modifier->modifiers[i], index); + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/pipe.h b/src/analysis/scan/patterns/modifiers/pipe.h new file mode 100644 index 0000000..8f9ca48 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/pipe.h @@ -0,0 +1,68 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pipe.h - prototypes pour la gestion de combinaisons de transformateurs + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_MODIFIERS_PIPE_H +#define _ANALYSIS_SCAN_MODIFIERS_PIPE_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include "../modifier.h" + + + +#define G_TYPE_SCAN_MODIFIER_PIPE g_scan_modifier_pipe_get_type() +#define G_SCAN_MODIFIER_PIPE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_MODIFIER_PIPE, GScanModifierPipe)) +#define G_IS_SCAN_MODIFIER_PIPE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_MODIFIER_PIPE)) +#define G_SCAN_MODIFIER_PIPE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_MODIFIER_PIPE, GScanModifierPipeClass)) +#define G_IS_SCAN_MODIFIER_PIPE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_MODIFIER_PIPE)) +#define G_SCAN_MODIFIER_PIPE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_MODIFIER_PIPE, GScanModifierPipeClass)) + + +/* Enchainement combinatoire de transformations d'octets (instance) */ +typedef struct _GScanModifierPipe GScanModifierPipe; + +/* Enchainement combinatoire de transformations d'octets (classe) */ +typedef struct _GScanModifierPipeClass GScanModifierPipeClass; + + +/* Indique le type défini pour une série de transformations d'octets. */ +GType g_scan_modifier_pipe_get_type(void); + +/* Construit une pipee de modificateurs d'octets. */ +GScanTokenModifier *g_scan_modifier_pipe_new(void); + +/* Intègre un nouveau transformateur à enchaîner. */ +void g_scan_modifier_pipe_add(GScanModifierPipe *, GScanTokenModifier *); + +/* Indique le nombre de transformateurs intégrés dans la série. */ +size_t g_scan_modifier_pipe_count(const GScanModifierPipe *); + +/* Fournit un transformateur donné de la pipee. */ +GScanTokenModifier *g_scan_modifier_pipe_get(const GScanModifierPipe *, size_t); + + + +#endif /* _ANALYSIS_SCAN_MODIFIERS_PIPE_H */ diff --git a/src/analysis/scan/patterns/modifiers/plain.c b/src/analysis/scan/patterns/modifiers/plain.c index 5837d46..ad09129 100644 --- a/src/analysis/scan/patterns/modifiers/plain.c +++ b/src/analysis/scan/patterns/modifiers/plain.c @@ -56,7 +56,10 @@ static void g_scan_plain_modifier_finalize(GScanPlainModifier *); static char *g_scan_plain_modifier_get_name(const GScanPlainModifier *); /* Transforme une séquence d'octets pour motif de recherche. */ -static bool g_scan_plain_modifier_transform(const GScanPlainModifier *, const sized_binary_t *, sized_binary_t **, size_t *); +static bool g_scan_plain_modifier_transform(const GScanPlainModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_plain_modifier_get_path(const GScanPlainModifier *, size_t *); @@ -96,6 +99,7 @@ static void g_scan_plain_modifier_class_init(GScanPlainModifierClass *klass) modifier->get_name = (get_scan_modifier_name_fc)g_scan_plain_modifier_get_name; modifier->transform = (transform_scan_token_fc)g_scan_plain_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_plain_modifier_get_path; } @@ -211,9 +215,10 @@ static char *g_scan_plain_modifier_get_name(const GScanPlainModifier *modifier) /****************************************************************************** * * * Paramètres : modifier = modificateur à solliciter. * -* src = séquence d'octets à traiter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * * dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * -* count = quantité de ces séquences. * +* dcount = quantité de ces séquences. * * * * Description : Transforme une séquence d'octets pour motif de recherche. * * * @@ -223,22 +228,61 @@ static char *g_scan_plain_modifier_get_name(const GScanPlainModifier *modifier) * * ******************************************************************************/ -static bool g_scan_plain_modifier_transform(const GScanPlainModifier *modifier, const sized_binary_t *src, sized_binary_t **dest, size_t *count) +static bool g_scan_plain_modifier_transform(const GScanPlainModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) { bool result; /* Bilan d'opération à renvoyer*/ sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours */ + const sized_binary_t *_src; /* Source courante */ result = true; - *dest = malloc(1 * sizeof(sized_binary_t)); - *count = 1; + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); binary = &(*dest)[0]; - binary->len = src->len; - binary->data = malloc(binary->len); + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + memcpy(binary->data, _src->data, _src->len); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_plain_modifier_get_path(const GScanPlainModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } - memcpy(binary->data, src->data, src->len); + else + result = strdup("plain"); return result; diff --git a/src/analysis/scan/patterns/modifiers/rev.c b/src/analysis/scan/patterns/modifiers/rev.c index d22b549..ef4d5fa 100644 --- a/src/analysis/scan/patterns/modifiers/rev.c +++ b/src/analysis/scan/patterns/modifiers/rev.c @@ -56,7 +56,10 @@ static void g_scan_reverse_modifier_finalize(GScanReverseModifier *); static char *g_scan_reverse_modifier_get_name(const GScanReverseModifier *); /* Transforme une séquence d'octets pour motif de recherche. */ -static bool g_scan_reverse_modifier_transform(const GScanReverseModifier *, const sized_binary_t *, sized_binary_t **, size_t *); +static bool g_scan_reverse_modifier_transform(const GScanReverseModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_reverse_modifier_get_path(const GScanReverseModifier *, size_t *); @@ -96,6 +99,7 @@ static void g_scan_reverse_modifier_class_init(GScanReverseModifierClass *klass) modifier->get_name = (get_scan_modifier_name_fc)g_scan_reverse_modifier_get_name; modifier->transform = (transform_scan_token_fc)g_scan_reverse_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_reverse_modifier_get_path; } @@ -211,9 +215,10 @@ static char *g_scan_reverse_modifier_get_name(const GScanReverseModifier *modifi /****************************************************************************** * * * Paramètres : modifier = modificateur à solliciter. * -* src = séquence d'octets à traiter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * * dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * -* count = quantité de ces séquences. * +* dcount = quantité de ces séquences. * * * * Description : Transforme une séquence d'octets pour motif de recherche. * * * @@ -223,24 +228,63 @@ static char *g_scan_reverse_modifier_get_name(const GScanReverseModifier *modifi * * ******************************************************************************/ -static bool g_scan_reverse_modifier_transform(const GScanReverseModifier *modifier, const sized_binary_t *src, sized_binary_t **dest, size_t *count) +static bool g_scan_reverse_modifier_transform(const GScanReverseModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) { bool result; /* Bilan d'opération à renvoyer*/ sized_binary_t *binary; /* Raccourci vers le stockage */ - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ result = true; - *dest = malloc(1 * sizeof(sized_binary_t)); - *count = 1; + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); binary = &(*dest)[0]; - binary->len = src->len; - binary->data = malloc(binary->len); + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[_src->len - k - 1] = _src->data[k]; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_reverse_modifier_get_path(const GScanReverseModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } - for (i = 0; i < src->len; i++) - binary->data[src->len - i - 1] = src->data[i]; + else + result = strdup("rev"); return result; diff --git a/src/analysis/scan/patterns/modifiers/upper.c b/src/analysis/scan/patterns/modifiers/upper.c new file mode 100644 index 0000000..9d1086b --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/upper.c @@ -0,0 +1,301 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * upper.c - transformation d'une séquence d'octets par passage en majuscules + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "upper.h" + + +#include <malloc.h> +#include <string.h> + + +#include "../modifier-int.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions en majuscules. */ +static void g_scan_upper_modifier_class_init(GScanUpperModifierClass *klass); + +/* Initialise une instance de transmission en majuscules. */ +static void g_scan_upper_modifier_init(GScanUpperModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_upper_modifier_dispose(GScanUpperModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_upper_modifier_finalize(GScanUpperModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_upper_modifier_get_name(const GScanUpperModifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_upper_modifier_transform(const GScanUpperModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_upper_modifier_get_path(const GScanUpperModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transformation par bascule en majuscules. */ +G_DEFINE_TYPE(GScanUpperModifier, g_scan_upper_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions en majuscules. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_upper_modifier_class_init(GScanUpperModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_upper_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_upper_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_upper_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_upper_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_upper_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission en majuscules. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_upper_modifier_init(GScanUpperModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_upper_modifier_dispose(GScanUpperModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_upper_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_upper_modifier_finalize(GScanUpperModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_upper_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des octets en majuscules. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_upper_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_UPPER_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_upper_modifier_get_name(const GScanUpperModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("upper"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_upper_modifier_transform(const GScanUpperModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ + + result = true; + + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + switch (_src->data[k]) + { + case 'a' ... 'z': + binary->data[k] = _src->data[k] - 0x20; + break; + + default: + binary->data[k] = _src->data[k]; + break; + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_upper_modifier_get_path(const GScanUpperModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("upper"); + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/upper.h b/src/analysis/scan/patterns/modifiers/upper.h new file mode 100644 index 0000000..4666312 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/upper.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * upper.h - prototypes pour la transformation d'une séquence d'octets par passage en majuscules + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_MODIFIERS_UPPER_H +#define _ANALYSIS_SCAN_PATTERNS_MODIFIERS_UPPER_H + + +#include <glib-object.h> + + +#include "../modifier.h" + + + +#define G_TYPE_SCAN_UPPER_MODIFIER g_scan_upper_modifier_get_type() +#define G_SCAN_UPPER_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_UPPER_MODIFIER, GScanUpperModifier)) +#define G_IS_SCAN_UPPER_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_UPPER_MODIFIER)) +#define G_SCAN_UPPER_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_UPPER_MODIFIER, GScanUpperModifierClass)) +#define G_IS_SCAN_UPPER_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_UPPER_MODIFIER)) +#define G_SCAN_UPPER_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_UPPER_MODIFIER, GScanUpperModifierClass)) + + +/* Transformation d'une séquence d'octets par passage en majuscules (instance) */ +typedef GScanTokenModifier GScanUpperModifier; + +/* Transformation d'une séquence d'octets par passage en majuscules (classe) */ +typedef GScanTokenModifierClass GScanUpperModifierClass; + + +/* Indique le type défini pour une transformation par bascule en majuscules. */ +GType g_scan_upper_modifier_get_type(void); + +/* Construit un modificateur livrant des octets en majuscules. */ +GScanTokenModifier *g_scan_upper_modifier_new(void); + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_MODIFIERS_UPPER_H */ diff --git a/src/analysis/scan/patterns/modifiers/wide.c b/src/analysis/scan/patterns/modifiers/wide.c new file mode 100644 index 0000000..ef252d9 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/wide.c @@ -0,0 +1,291 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * wide.c - transcription d'une séquence d'octets en UTF-16 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "wide.h" + + +#include <malloc.h> +#include <string.h> + + +#include "../modifier-int.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transcriptions en UTF-16. */ +static void g_scan_wide_modifier_class_init(GScanWideModifierClass *klass); + +/* Initialise une instance de transcription en UTF-16. */ +static void g_scan_wide_modifier_init(GScanWideModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_wide_modifier_dispose(GScanWideModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_wide_modifier_finalize(GScanWideModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_wide_modifier_get_name(const GScanWideModifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_wide_modifier_transform(const GScanWideModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_wide_modifier_get_path(const GScanWideModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transcription d'une séquence d'octets en UTF-16. */ +G_DEFINE_TYPE(GScanWideModifier, g_scan_wide_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transcriptions en UTF-16. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_wide_modifier_class_init(GScanWideModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_wide_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_wide_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_wide_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_wide_modifier_transform; + modifier->get_path = (get_modifier_path)g_scan_wide_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transcription en UTF-16. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_wide_modifier_init(GScanWideModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_wide_modifier_dispose(GScanWideModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_wide_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_wide_modifier_finalize(GScanWideModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_wide_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des octets en UTF-16. * +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_wide_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_WIDE_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_wide_modifier_get_name(const GScanWideModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("wide"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_wide_modifier_transform(const GScanWideModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + size_t k; /* Boucle de parcours #2 */ + + result = true; + + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++, binary++) + { + _src = src + i; + + binary->len = _src->len * 2; + binary->data = calloc(binary->len * 2, sizeof(bin_t)); + + for (k = 0; k < _src->len; k++) + binary->data[k * 2] = _src->data[k]; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_wide_modifier_get_path(const GScanWideModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + + if (*index > 0) + { + result = NULL; + (*index)--; + } + + else + result = strdup("wide"); + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/wide.h b/src/analysis/scan/patterns/modifiers/wide.h new file mode 100644 index 0000000..deb92a4 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/wide.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * wide.h - prototypes pour la transcription d'une séquence d'octets en UTF-16 + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_MODIFIERS_WIDE_H +#define _ANALYSIS_SCAN_PATTERNS_MODIFIERS_WIDE_H + + +#include <glib-object.h> + + +#include "../modifier.h" + + + +#define G_TYPE_SCAN_WIDE_MODIFIER g_scan_wide_modifier_get_type() +#define G_SCAN_WIDE_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_WIDE_MODIFIER, GScanWideModifier)) +#define G_IS_SCAN_WIDE_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_WIDE_MODIFIER)) +#define G_SCAN_WIDE_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_WIDE_MODIFIER, GScanWideModifierClass)) +#define G_IS_SCAN_WIDE_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_WIDE_MODIFIER)) +#define G_SCAN_WIDE_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_WIDE_MODIFIER, GScanWideModifierClass)) + + +/* Transcription d'une séquence d'octets en UTF-16 (instance) */ +typedef GScanTokenModifier GScanWideModifier; + +/* Transcription d'une séquence d'octets en UTF-16 (classe) */ +typedef GScanTokenModifierClass GScanWideModifierClass; + + +/* Indique le type défini pour une transcription d'une séquence d'octets en UTF-16. */ +GType g_scan_wide_modifier_get_type(void); + +/* Construit un modificateur livrant des octets en UTF-16. */ +GScanTokenModifier *g_scan_wide_modifier_new(void); + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_MODIFIERS_WIDE_H */ diff --git a/src/analysis/scan/patterns/modifiers/xor.c b/src/analysis/scan/patterns/modifiers/xor.c new file mode 100644 index 0000000..d932c82 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/xor.c @@ -0,0 +1,438 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * xor.c - transormation via opération XOR + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "xor.h" + + +#include <assert.h> +#include <malloc.h> +#include <stdint.h> +#include <stdio.h> +#include <string.h> + + +#include "../modifier-int.h" + + + +/* ----------------------- RECHERCHE D'UN MOTIF DE TEXTE BRUT ----------------------- */ + + +/* Initialise la classe des transmissions via opération XOR. */ +static void g_scan_xor_modifier_class_init(GScanXorModifierClass *klass); + +/* Initialise une instance de transmission via opération XOR. */ +static void g_scan_xor_modifier_init(GScanXorModifier *); + +/* Supprime toutes les références externes. */ +static void g_scan_xor_modifier_dispose(GScanXorModifier *); + +/* Procède à la libération totale de la mémoire. */ +static void g_scan_xor_modifier_finalize(GScanXorModifier *); + + + +/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ + + +/* Fournit le nom d'appel d'un modificateur pour motif. */ +static char *g_scan_xor_modifier_get_name(const GScanXorModifier *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_xor_modifier_transform(const GScanXorModifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *); + +/* Détermine si un argument est bien toléré par un modificateur. */ +static bool g_scan_xor_modifier_can_handle_arg(const GScanXorModifier *, const modifier_arg_t *); + +/* Transforme une séquence d'octets pour motif de recherche. */ +static bool g_scan_xor_modifier_transform_with_arg(const GScanXorModifier *, const sized_binary_t *, size_t, const modifier_arg_t *, sized_binary_t **, size_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +static char *g_scan_xor_modifier_get_path(const GScanXorModifier *, size_t *); + + + +/* ---------------------------------------------------------------------------------- */ +/* RECHERCHE D'UN MOTIF DE TEXTE BRUT */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour une transormation via une opération XOR. */ +G_DEFINE_TYPE(GScanXorModifier, g_scan_xor_modifier, G_TYPE_SCAN_TOKEN_MODIFIER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des transmissions via opération XOR. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_xor_modifier_class_init(GScanXorModifierClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GScanTokenModifierClass *modifier; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_xor_modifier_dispose; + object->finalize = (GObjectFinalizeFunc)g_scan_xor_modifier_finalize; + + modifier = G_SCAN_TOKEN_MODIFIER_CLASS(klass); + + modifier->get_name = (get_scan_modifier_name_fc)g_scan_xor_modifier_get_name; + + modifier->transform = (transform_scan_token_fc)g_scan_xor_modifier_transform; + modifier->can_handle = (can_token_modifier_handle_arg)g_scan_xor_modifier_can_handle_arg; + modifier->transform_with = (transform_scan_token_with_fc)g_scan_xor_modifier_transform_with_arg; + modifier->get_path = (get_modifier_path)g_scan_xor_modifier_get_path; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance à initialiser. * +* * +* Description : Initialise une instance de transmission via opération XOR. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_xor_modifier_init(GScanXorModifier *modifier) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_xor_modifier_dispose(GScanXorModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_xor_modifier_parent_class)->dispose(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_xor_modifier_finalize(GScanXorModifier *modifier) +{ + G_OBJECT_CLASS(g_scan_xor_modifier_parent_class)->finalize(G_OBJECT(modifier)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Construit un modificateur livrant des octets traités par XOR.* +* * +* Retour : Mécanisme mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenModifier *g_scan_xor_modifier_new(void) +{ + GScanTokenModifier *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_SCAN_XOR_MODIFIER, NULL); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* IMPLEMENTATION DES FONCTIONS DE CLASSE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* * +* Description : Fournit le nom d'appel d'un modificateur pour motif. * +* * +* Retour : Désignation humaine. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_xor_modifier_get_name(const GScanXorModifier *modifier) +{ + char *result; /* Désignation à retourner */ + + result = strdup("xor"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_xor_modifier_transform(const GScanXorModifier *modifier, const sized_binary_t *src, size_t scount, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + long long x; /* Boucle de parcours #2 */ + size_t k; /* Boucle de parcours #3 */ + + result = true; + + *dcount = scount * 256; + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++) + { + _src = src + i; + + for (x = 0; x <= 0xff; x++, binary++) + { + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[k] = _src->data[k] ^ x; + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* arg = argument de personnalisation. * +* * +* Description : Détermine si un argument est bien toléré par un modificateur.* +* * +* Retour : Bilan de la consultation : support ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_xor_modifier_can_handle_arg(const GScanXorModifier *modifier, const modifier_arg_t *arg) +{ + bool result; /* Bilan d'opération à renvoyer*/ + + switch (arg->type) + { + case MAT_UNSIGNED_INTEGER: + result = (arg->value.u_integer <= UINT8_MAX); + break; + + case MAT_RANGE: + result = (INT8_MIN <= arg->value.range.start && arg->value.range.end <= INT8_MAX); + break; + + default: + result = false; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à solliciter. * +* src = séquences d'octets à traiter. * +* scount = quantité de ces séquences. * +* arg = argument de personnalisation. * +* dest = nouvelle(s) séquence(s) d'octets obtenue(s) [OUT] * +* dcount = quantité de ces séquences. * +* * +* Description : Transforme une séquence d'octets pour motif de recherche. * +* * +* Retour : Bilan de l'opération : succès ou échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_xor_modifier_transform_with_arg(const GScanXorModifier *modifier, const sized_binary_t *src, size_t scount, const modifier_arg_t *arg, sized_binary_t **dest, size_t *dcount) +{ + bool result; /* Bilan d'opération à renvoyer*/ + sized_binary_t *binary; /* Raccourci vers le stockage */ + size_t i; /* Boucle de parcours #1 */ + const sized_binary_t *_src; /* Source courante */ + long long x; /* Boucle de parcours #2 */ + size_t k; /* Boucle de parcours #3 */ + + result = true; + + switch (arg->type) + { + case MAT_UNSIGNED_INTEGER: + + *dcount = scount; + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++) + { + _src = src + i; + + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[k] = _src->data[k] ^ arg->value.u_integer; + + } + + break; + + case MAT_RANGE: + + *dcount = scount * (arg->value.range.end - arg->value.range.start + 1); + *dest = malloc(*dcount * sizeof(sized_binary_t)); + + binary = &(*dest)[0]; + + for (i = 0; i < scount; i++) + { + _src = src + i; + + for (x = arg->value.range.start; x <= arg->value.range.end; x++, binary++) + { + binary->len = _src->len; + binary->data = malloc(binary->len); + + for (k = 0; k < _src->len; k++) + binary->data[k] = _src->data[k] ^ x; + + } + + } + + break; + + default: + assert(false); + result = false; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : modifier = modificateur à consulter. * +* index = indice de la combinaison ciblée. [OUT] * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static char *g_scan_xor_modifier_get_path(const GScanXorModifier *modifier, size_t *index) +{ + char *result; /* Combinaison à retourner */ + int ret; /* Bilan intermédiaire */ + + if (*index > 255) + { + result = NULL; + (*index) -= 256; + } + + else + { + ret = asprintf(&result, "xor(0x%02hhx)", (unsigned char)*index); + + if (ret == -1) + result = strdup("xor(0x?)"); + + } + + return result; + +} diff --git a/src/analysis/scan/patterns/modifiers/xor.h b/src/analysis/scan/patterns/modifiers/xor.h new file mode 100644 index 0000000..1a3e7e6 --- /dev/null +++ b/src/analysis/scan/patterns/modifiers/xor.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * xor.h - prototypes pour la transormation via opération XOR + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H +#define _ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H + + +#include <glib-object.h> + + +#include "../modifier.h" + + + +#define G_TYPE_SCAN_XOR_MODIFIER g_scan_xor_modifier_get_type() +#define G_SCAN_XOR_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_XOR_MODIFIER, GScanXorModifier)) +#define G_IS_SCAN_XOR_MODIFIER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_XOR_MODIFIER)) +#define G_SCAN_XOR_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_XOR_MODIFIER, GScanXorModifierClass)) +#define G_IS_SCAN_XOR_MODIFIER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_XOR_MODIFIER)) +#define G_SCAN_XOR_MODIFIER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_XOR_MODIFIER, GScanXorModifierClass)) + + +/* Transormation via inversement d'une séquence d'octets (instance) */ +typedef GScanTokenModifier GScanXorModifier; + +/* Transormation via inversement d'une séquence d'octets (classe) */ +typedef GScanTokenModifierClass GScanXorModifierClass; + + +/* Indique le type défini pour une transormation via une opération XOR. */ +GType g_scan_xor_modifier_get_type(void); + +/* Construit un modificateur livrant des octets traités par XOR. */ +GScanTokenModifier *g_scan_xor_modifier_new(void); + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_MODIFIERS_XOR_H */ diff --git a/src/analysis/scan/patterns/patid.h b/src/analysis/scan/patterns/patid.h new file mode 100644 index 0000000..e8b7eee --- /dev/null +++ b/src/analysis/scan/patterns/patid.h @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * patid.h - prototypes pour la définition d'un identifiant de motif partiel + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_SCAN_PATTERNS_PATID_H +#define _ANALYSIS_SCAN_PATTERNS_PATID_H + + + +/* Identifiant de motif intégré */ +typedef uint32_t patid_t; + +#define INVALID_PATTERN_ID 0xffffffff + + + +#endif /* _ANALYSIS_SCAN_PATTERNS_PATID_H */ diff --git a/src/analysis/scan/patterns/token-int.h b/src/analysis/scan/patterns/token-int.h index f1d63f0..7ba0aa4 100644 --- a/src/analysis/scan/patterns/token-int.h +++ b/src/analysis/scan/patterns/token-int.h @@ -33,7 +33,7 @@ /* Encadrement d'une bribe de recherche textuelle (instance) */ -struct _GStringToken +struct _GBytesToken { GSearchPattern parent; /* A laisser en premier */ @@ -47,7 +47,7 @@ struct _GStringToken }; /* Encadrement d'une bribe de recherche textuelle (classe) */ -struct _GStringTokenClass +struct _GBytesTokenClass { GSearchPatternClass parent; /* A laisser en premier */ @@ -55,7 +55,7 @@ struct _GStringTokenClass /* Met en place un gestionnaire de recherche de binaire. */ -bool g_string_token_create(GStringToken *, GScanTokenNode *, bool, bool); +bool g_bytes_token_create(GBytesToken *, GScanTokenNode *, bool, bool); diff --git a/src/analysis/scan/patterns/token.c b/src/analysis/scan/patterns/token.c index f44680c..b3c6d53 100644 --- a/src/analysis/scan/patterns/token.c +++ b/src/analysis/scan/patterns/token.c @@ -30,6 +30,7 @@ #include "token-int.h" +#include "tokens/nodes/plain.h" #include "../../../common/cpp.h" #include "../../../core/logs.h" @@ -39,16 +40,16 @@ /* Initialise la classe des bribes de recherche textuelle. */ -static void g_string_token_class_init(GStringTokenClass *); +static void g_bytes_token_class_init(GBytesTokenClass *); /* Initialise une instance de bribe de recherche textuelle. */ -static void g_string_token_init(GStringToken *); +static void g_bytes_token_init(GBytesToken *); /* Supprime toutes les références externes. */ -static void g_string_token_dispose(GStringToken *); +static void g_bytes_token_dispose(GBytesToken *); /* Procède à la libération totale de la mémoire. */ -static void g_string_token_finalize(GStringToken *); +static void g_bytes_token_finalize(GBytesToken *); @@ -56,10 +57,10 @@ static void g_string_token_finalize(GStringToken *); /* Affiche un motif de recherche au format texte. */ -static void g_string_token_output_to_text(const GStringToken *, GScanContext *, int); +static void g_bytes_token_output_to_text(const GBytesToken *, GScanContext *, int); /* Affiche un motif de recherche au format JSON. */ -static void g_string_token_output_to_json(const GStringToken *, GScanContext *, const sized_string_t *, unsigned int, int); +static void g_bytes_token_output_to_json(const GBytesToken *, GScanContext *, const sized_string_t *, unsigned int, int); @@ -69,7 +70,7 @@ static void g_string_token_output_to_json(const GStringToken *, GScanContext *, /* Indique le type défini pour une bribe de recherche textuelle. */ -G_DEFINE_TYPE(GStringToken, g_string_token, G_TYPE_SEARCH_PATTERN); +G_DEFINE_TYPE(GBytesToken, g_bytes_token, G_TYPE_SEARCH_PATTERN); /****************************************************************************** @@ -84,20 +85,20 @@ G_DEFINE_TYPE(GStringToken, g_string_token, G_TYPE_SEARCH_PATTERN); * * ******************************************************************************/ -static void g_string_token_class_init(GStringTokenClass *klass) +static void g_bytes_token_class_init(GBytesTokenClass *klass) { GObjectClass *object; /* Autre version de la classe */ GSearchPatternClass *pattern; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); - object->dispose = (GObjectFinalizeFunc/* ! */)g_string_token_dispose; - object->finalize = (GObjectFinalizeFunc)g_string_token_finalize; + object->dispose = (GObjectFinalizeFunc/* ! */)g_bytes_token_dispose; + object->finalize = (GObjectFinalizeFunc)g_bytes_token_finalize; pattern = G_SEARCH_PATTERN_CLASS(klass); - pattern->to_text = (output_pattern_to_text_fc)g_string_token_output_to_text; - pattern->to_json = (output_pattern_to_json_fc)g_string_token_output_to_json; + pattern->to_text = (output_pattern_to_text_fc)g_bytes_token_output_to_text; + pattern->to_json = (output_pattern_to_json_fc)g_bytes_token_output_to_json; } @@ -114,7 +115,7 @@ static void g_string_token_class_init(GStringTokenClass *klass) * * ******************************************************************************/ -static void g_string_token_init(GStringToken *token) +static void g_bytes_token_init(GBytesToken *token) { token->root = NULL; token->slow = 0; @@ -138,9 +139,11 @@ static void g_string_token_init(GStringToken *token) * * ******************************************************************************/ -static void g_string_token_dispose(GStringToken *token) +static void g_bytes_token_dispose(GBytesToken *token) { - G_OBJECT_CLASS(g_string_token_parent_class)->dispose(G_OBJECT(token)); + g_clear_object(&token->root); + + G_OBJECT_CLASS(g_bytes_token_parent_class)->dispose(G_OBJECT(token)); } @@ -157,9 +160,9 @@ static void g_string_token_dispose(GStringToken *token) * * ******************************************************************************/ -static void g_string_token_finalize(GStringToken *token) +static void g_bytes_token_finalize(GBytesToken *token) { - G_OBJECT_CLASS(g_string_token_parent_class)->finalize(G_OBJECT(token)); + G_OBJECT_CLASS(g_bytes_token_parent_class)->finalize(G_OBJECT(token)); } @@ -179,7 +182,7 @@ static void g_string_token_finalize(GStringToken *token) * * ******************************************************************************/ -bool g_string_token_create(GStringToken *token, GScanTokenNode *root, bool fullword, bool private) +bool g_bytes_token_create(GBytesToken *token, GScanTokenNode *root, bool fullword, bool private) { bool result; /* Bilan à retourner */ @@ -208,7 +211,7 @@ bool g_string_token_create(GStringToken *token, GScanTokenNode *root, bool fullw * * ******************************************************************************/ -bool g_string_token_target_fullword(const GStringToken *token) +bool g_bytes_token_target_fullword(const GBytesToken *token) { bool result; /* Statut à renvoyer */ @@ -231,7 +234,7 @@ bool g_string_token_target_fullword(const GStringToken *token) * * ******************************************************************************/ -bool g_string_token_is_private(const GStringToken *token) +bool g_bytes_token_is_private(const GBytesToken *token) { bool result; /* Statut à renvoyer */ @@ -245,7 +248,6 @@ bool g_string_token_is_private(const GStringToken *token) /****************************************************************************** * * * Paramètres : token = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * * @@ -257,13 +259,37 @@ bool g_string_token_is_private(const GStringToken *token) * * ******************************************************************************/ -bool g_string_token_enroll(GStringToken *token, GScanContext *context, GEngineBackend *backend, size_t maxsize) +bool g_bytes_token_enroll(GBytesToken *token, GEngineBackend *backend, size_t maxsize) { bool result; /* Statut à retourner */ token->need_backward = g_scan_token_node_setup_tree(token->root); - result = g_scan_token_node_enroll(token->root, context, backend, maxsize, &token->slow); + result = g_scan_token_node_enroll(token->root, backend, maxsize, &token->slow); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : token = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère les identifiants finaux pour un motif recherché. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_bytes_token_build_id(GBytesToken *token, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + + result = g_scan_token_node_build_id(token->root, backend); return result; @@ -273,9 +299,8 @@ bool g_string_token_enroll(GStringToken *token, GScanContext *context, GEngineBa /****************************************************************************** * * * Paramètres : token = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * * matches = suivi des correspondances à consolider. * +* params = paramètres des opérations de validation. * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -285,60 +310,108 @@ bool g_string_token_enroll(GStringToken *token, GScanContext *context, GEngineBa * * ******************************************************************************/ -void g_string_token_check(const GStringToken *token, GScanContext *context, GBinContent *content, pending_matches_t *matches) +void g_bytes_token_check(const GBytesToken *token, GScanBytesMatches *matches, scan_node_check_params_t *params) { - size_t p; /* Boucle de parcours #3 */ - match_area_t *pending; /* Correspondance à traiter */ + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ vmpa2t pos; /* Tête de lecture */ const bin_t *byte; /* Octet à valider */ - g_scan_token_node_check_forward(token->root, context, content, matches); + /* Réinitialisation */ + + // TODO: offset + + params->initialized = false; + + params->main_areas = NULL; + params->main_count = 0; + + params->created_areas = NULL; + params->created_count = 0; + + params->kept_areas = NULL; + params->kept_count = 0; + + /* Lancement des analyses */ + + g_scan_token_node_check_forward(token->root, params); if (token->need_backward) - g_scan_token_node_check_backward(token->root, context, content, matches); + g_scan_token_node_check_backward(token->root, params); - sort_and_filter_pending_matches(matches); + // REMME ? sort_and_filter_pending_matches(matches); if (token->fullword) { - reset_pending_matches_ttl(matches); - - for (p = 0; p < matches->used; p++) + for_each_match_area_safe(area, ¶ms->main_areas, next) { - pending = &matches->areas[p]; - /* Validation de l'octet précédent, s'il existe */ - if (pending->start > matches->content_start) + if (area->start > params->content_start) { - init_vmpa(&pos, pending->start - 1, VMPA_NO_VIRTUAL); + init_vmpa(&pos, area->start - 1, VMPA_NO_VIRTUAL); - byte = g_binary_content_get_raw_access(content, &pos, 1); + byte = g_binary_content_get_raw_access(params->content, &pos, 1); if (isalnum(*byte)) + { + del_match_area(area, ¶ms->main_areas); + assert(¶ms->main_count > 0); + params->main_count--; continue; + } } /* Validation de l'octet suivant, s'il existe */ - if (pending->end < matches->content_end) + if (area->end < params->content_end) { - init_vmpa(&pos, pending->end, VMPA_NO_VIRTUAL); + init_vmpa(&pos, area->end, VMPA_NO_VIRTUAL); - byte = g_binary_content_get_raw_access(content, &pos, 1); + byte = g_binary_content_get_raw_access(params->content, &pos, 1); if (isalnum(*byte)) + { + del_match_area(area, ¶ms->main_areas); + assert(¶ms->main_count > 0); + params->main_count--; continue; + } } - keep_pending_match(pending); - } - purge_pending_matches(matches); - } + g_scan_bytes_matches_set_list(matches, params->main_areas, params->main_count); + +} + + +/****************************************************************************** +* * +* Paramètres : token = définition de la bribe à consulter. * +* index = indice de la combinaison de modificateurs ciblée. * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison gagnante. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *g_bytes_token_get_modifier_path(const GBytesToken *token, size_t index) +{ + char *result; /* Combinaison à retourner */ + + if (G_IS_SCAN_TOKEN_NODE_PLAIN(token->root)) + result = g_scan_token_node_plain_get_modifier_path(G_SCAN_TOKEN_NODE_PLAIN(token->root), index); + else + result = NULL; + + return result; + } @@ -362,19 +435,22 @@ void g_string_token_check(const GStringToken *token, GScanContext *context, GBin * * ******************************************************************************/ -static void g_string_token_output_to_text(const GStringToken *pattern, GScanContext *context, int fd) +static void g_bytes_token_output_to_text(const GBytesToken *pattern, GScanContext *context, int fd) { - const GScanMatch **matches; /* Correspondances établies */ - size_t count; /* Quantité de cette liste */ - size_t i; /* Boucle de parcours */ + GScanMatches *matches; /* Correspondances établies */ - if (g_string_token_is_private(pattern)) + if (g_bytes_token_is_private(pattern)) return; - matches = g_scan_context_get_full_matches(context, G_SEARCH_PATTERN(pattern), &count); + matches = g_scan_context_get_full_matches(context, G_SEARCH_PATTERN(pattern)); + + if (matches != NULL) + { + g_scan_matches_output_to_text(matches, fd); + + g_object_unref(G_OBJECT(matches)); - for (i = 0; i < count; i++) - g_scan_match_output_to_text(matches[i], fd); + } } @@ -395,59 +471,21 @@ static void g_string_token_output_to_text(const GStringToken *pattern, GScanCont * * ******************************************************************************/ -static void g_string_token_output_to_json(const GStringToken *pattern, GScanContext *context, const sized_string_t *padding, unsigned int level, int fd) +static void g_bytes_token_output_to_json(const GBytesToken *pattern, GScanContext *context, const sized_string_t *padding, unsigned int level, int fd) { - unsigned int i; /* Boucle de parcours #1 */ - const GScanMatch **matches; /* Correspondances établies */ - size_t count; /* Quantité de cette liste */ - char value[ULLONG_MAXLEN]; /* Impression de la position */ - int ret; /* Bilan d'une conversion */ - size_t k; /* Boucle de parcours #2 */ - bool trailing; /* Virgule finale */ - - if (g_string_token_is_private(pattern)) - return; - - matches = g_scan_context_get_full_matches(context, G_SEARCH_PATTERN(pattern), &count); - - /* Nombre de correspondances */ - - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); - - write(fd, "\"match_count\": ", 15); - - ret = snprintf(value, ULLONG_MAXLEN, "%zu", count); - - if (ret > 0) - write(fd, value, ret); - - else - { - log_simple_message(LMT_EXT_ERROR, "Error while converting value!"); - write(fd, "null", 4); - } - - write(fd, ",\n", 2); - - /* Détail des correspondances */ + GScanMatches *matches; /* Correspondances établies */ - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); + if (g_bytes_token_is_private(pattern)) + return; - write(fd, "\"matches\": [\n", 13); + matches = g_scan_context_get_full_matches(context, G_SEARCH_PATTERN(pattern)); - for (k = 0; k < count; k++) + if (matches != NULL) { - trailing = ((k + 1) < count); - - g_scan_match_output_to_json(matches[k], padding, level + 1, fd, trailing); + g_scan_matches_output_to_json(matches, padding, level, fd); + + g_object_unref(G_OBJECT(matches)); } - for (i = 0; i < level; i++) - write(fd, padding->data, padding->len); - - write(fd, "]\n", 2); - } diff --git a/src/analysis/scan/patterns/token.h b/src/analysis/scan/patterns/token.h index b361ecc..f5b78f6 100644 --- a/src/analysis/scan/patterns/token.h +++ b/src/analysis/scan/patterns/token.h @@ -30,39 +30,45 @@ #include "backend.h" #include "tokens/node.h" -#include "../matches/pending.h" +#include "../matches/bytes.h" -#define G_TYPE_STRING_TOKEN g_string_token_get_type() -#define G_STRING_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_STRING_TOKEN, GStringToken)) -#define G_IS_STRING_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_STRING_TOKEN)) -#define G_STRING_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_STRING_TOKEN, GStringTokenClass)) -#define G_IS_STRING_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_STRING_TOKEN)) -#define G_STRING_TOKEN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_STRING_TOKEN, GStringTokenClass)) +#define G_TYPE_BYTES_TOKEN g_bytes_token_get_type() +#define G_BYTES_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_BYTES_TOKEN, GBytesToken)) +#define G_IS_BYTES_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_BYTES_TOKEN)) +#define G_BYTES_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_BYTES_TOKEN, GBytesTokenClass)) +#define G_IS_BYTES_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_BYTES_TOKEN)) +#define G_BYTES_TOKEN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_BYTES_TOKEN, GBytesTokenClass)) /* Encadrement d'une bribe de recherche textuelle (instance) */ -typedef struct _GStringToken GStringToken; +typedef struct _GBytesToken GBytesToken; /* Encadrement d'une bribe de recherche textuelle (classe) */ -typedef struct _GStringTokenClass GStringTokenClass; +typedef struct _GBytesTokenClass GBytesTokenClass; /* Indique le type défini pour une bribe de recherche textuelle. */ -GType g_string_token_get_type(void); +GType g_bytes_token_get_type(void); /* Indique si seuls des mots entiers sont retenus des analyses. */ -bool g_string_token_target_fullword(const GStringToken *); +bool g_bytes_token_target_fullword(const GBytesToken *); /* Détermine si le gestionnaire est à vocation privée. */ -bool g_string_token_is_private(const GStringToken *); +bool g_bytes_token_is_private(const GBytesToken *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -bool g_string_token_enroll(GStringToken *, GScanContext *, GEngineBackend *, size_t); +bool g_bytes_token_enroll(GBytesToken *, GEngineBackend *, size_t); + +/* Récupère les identifiants finaux pour un motif recherché. */ +bool g_bytes_token_build_id(GBytesToken *, GEngineBackend *); /* Transforme les correspondances locales en trouvailles. */ -void g_string_token_check(const GStringToken *, GScanContext *, GBinContent *, pending_matches_t *); +void g_bytes_token_check(const GBytesToken *, GScanBytesMatches *, scan_node_check_params_t *); + +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +char *g_bytes_token_get_modifier_path(const GBytesToken *, size_t); diff --git a/src/analysis/scan/patterns/tokens/atom.c b/src/analysis/scan/patterns/tokens/atom.c index 52f239c..4f2ad67 100644 --- a/src/analysis/scan/patterns/tokens/atom.c +++ b/src/analysis/scan/patterns/tokens/atom.c @@ -26,6 +26,7 @@ #include <assert.h> #include <malloc.h> +#include <math.h> @@ -43,7 +44,8 @@ /****************************************************************************** * * * Paramètres : ch = octet dont la valeur est à analyser. * -* seen = suivi des octets déjà rencontrés. [OUT] * +* seen = suivi des octets déjà rencontrés. [OUT] * +* uniq = volume d'octets originaux à actualiser. [OUT] * * letters = nombre de lettres rencontrées. [OUT] * * * * Description : Note l'intêret de rechercher un octet particulier. * @@ -54,7 +56,7 @@ * * ******************************************************************************/ -int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) +int rate_byte_quality(bin_t ch, uint8_t *seen, size_t *uniq, size_t *letters) { int result; /* Note à retourner */ @@ -69,7 +71,7 @@ int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) break; case 'A' ... 'Z': - case 'z' ... 'z': + case 'a' ... 'z': if (letters == NULL) result = 20; else @@ -85,7 +87,8 @@ int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) } - set_in_bit_field(seen, ch, 1); + if (seen[ch]++ == 0) + (*uniq)++; return result; @@ -94,8 +97,67 @@ int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) /****************************************************************************** * * -* Paramètres : seen = suivi des octets déjà rencontrés. * -* max = nombre d'octets considérés à la base. * +* Paramètres : ch = octet dont la valeur est à analyser. * +* seen = suivi des octets déjà rencontrés. [OUT] * +* uniq = volume d'octets originaux à actualiser. [OUT] * +* letters = nombre de lettres rencontrées. [OUT] * +* * +* Description : Annihile l'intêret de rechercher un octet particulier. * +* * +* Retour : Note positive ou négative. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int unrate_byte_quality(bin_t ch, uint8_t *seen, size_t *uniq, size_t *letters) +{ + int result; /* Note à retourner */ + + switch (ch) + { + case 0x00: + case 0x20: + case 0x90: + case 0xcc: + case 0xff: + result = 12; + break; + + case 'A' ... 'Z': + case 'a' ... 'z': + if (letters == NULL) + result = 20; + else + { + result = 18; + assert(*letters > 0); + (*letters)--; + } + break; + + default: + result = 20; + break; + + } + + if (--seen[ch] == 0) + { + assert(*uniq > 0); + (*uniq)--; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : rating = note d'évaluation courante. * +* uniq = volume d'octets originaux relevés. * +* max = nombre d'octets considérés à la base. * * * * Description : Termine la notation d'un ensemble d'octets. * * * @@ -105,21 +167,14 @@ int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) * * ******************************************************************************/ -int finish_quality_rating(const bitfield_t *seen, size_t max) +int finish_quality_rating(int rating, size_t uniq, size_t max) { int result; /* Note à retourner */ - size_t uniq; /* Quantié d'octets uniques */ bool bad; /* Indice de mauvaise qualité */ - uniq = popcount_for_bit_field(seen); - if (uniq == 1) { - bad = test_in_bit_field(seen, 0x00) - || test_in_bit_field(seen, 0x20) - || test_in_bit_field(seen, 0x90) - || test_in_bit_field(seen, 0xcc) - || test_in_bit_field(seen, 0xff); + bad = (rating % 12) == 0; result = (bad ? -10 * max : 2); @@ -128,6 +183,8 @@ int finish_quality_rating(const bitfield_t *seen, size_t max) else result = uniq * 2; + result += rating; + return result; } @@ -154,12 +211,16 @@ void find_best_atom(const sized_binary_t *raw, size_t maxsize, tracked_scan_atom bin_t ch; /* Octets à étudier */ size_t best_letters; /* Mémorisation de décompte */ size_t *ptr_letters; /* Pointeur vers le décompte */ + int raw_rating; /* Notation brute de séquence */ + uint8_t seen[256]; /* Mémorisation des passages */ + size_t uniq; /* Nombre d'octets originaux */ + const bin_t *last; /* Dernier caractère étudié */ int best_rating; /* Meilleur notation obtenue */ - bitfield_t *seen; /* Mémorise les octets déjà vus*/ size_t max_loop; /* Limitation des itérations */ size_t k; /* Boucle de parcours #2 */ size_t local_letters; /* Décompte courant des lettres*/ int local_rating; /* Notation courante */ + const bin_t *first; /* Premier caractère étudié */ /* Si la chaîne fournie est plus petite que la taille d'un atome... */ if (raw->len <= maxsize) @@ -168,6 +229,8 @@ void find_best_atom(const sized_binary_t *raw, size_t maxsize, tracked_scan_atom atom->len = raw->len; atom->rem = 0; + atom->fast_check = true; + if (letters != NULL) { *letters = 0; @@ -196,14 +259,17 @@ void find_best_atom(const sized_binary_t *raw, size_t maxsize, tracked_scan_atom ptr_letters = (letters != NULL ? &best_letters : NULL); best_letters = 0; - best_rating = 0; + raw_rating = 0; + + memset(seen, 0, sizeof(seen)); + uniq = 0; - seen = create_bit_field(256, false); + last = raw->static_bin_data; for (k = 0; k < maxsize; k++) - best_rating += rate_byte_quality(raw->data[k], seen, ptr_letters); + raw_rating += rate_byte_quality(*last++, seen, &uniq, ptr_letters); - best_rating += finish_quality_rating(seen, maxsize); + best_rating = finish_quality_rating(raw_rating, uniq, maxsize); /* Parcours du reste du contenu */ @@ -211,21 +277,21 @@ void find_best_atom(const sized_binary_t *raw, size_t maxsize, tracked_scan_atom ptr_letters = (letters != NULL ? &local_letters : NULL); - for (i = 1; i < max_loop; i++) - { - local_letters = 0; - local_rating = 0; + local_letters = best_letters; + local_rating = best_rating; - reset_all_in_bit_field(seen); + first = raw->static_bin_data; - for (k = 0; k < maxsize; k++) - local_rating += rate_byte_quality(raw->data[i + k], seen, ptr_letters); + for (i = 0; i < max_loop; i++) + { + raw_rating += rate_byte_quality(*last++, seen, &uniq, ptr_letters); + raw_rating -= unrate_byte_quality(*first++, seen, &uniq, ptr_letters); - local_rating += finish_quality_rating(seen, maxsize); + local_rating = finish_quality_rating(raw_rating , uniq, maxsize); if (local_rating > best_rating) { - atom->pos = i; + atom->pos = i + 1; best_letters = local_letters; best_rating = local_rating; @@ -236,15 +302,18 @@ void find_best_atom(const sized_binary_t *raw, size_t maxsize, tracked_scan_atom /* Conclusion */ - delete_bit_field(seen); - atom->rem = raw->len - atom->pos - maxsize; + atom->fast_check = false; + if (letters != NULL) *letters = best_letters; } + assert((atom->fast_check && atom->pos == 0 && atom->rem == 0) + || (!atom->fast_check && (atom->pos != 0 || atom->rem != 0))); + } @@ -340,11 +409,11 @@ sized_binary_t *make_atoms_case_insensitive(const sized_binary_t *src, const tra /****************************************************************************** * * -* Paramètres : byte = octet partiel à interpréter. * -* mask = valeur du masque à appliquer. * +* Paramètres : bytes = octets partiels avec leur masque à interpréter. * +* len = quantité d'octets à interpréter. * * produced = nombre de contenus générés. [OUT] * * * -* Description : Etablit la liste des cas de figures avec un octet partiel. * +* Description : Etablit la liste des cas de figures avec des octets partiels.* * * * Retour : Liste de toutes les combinaisons possibles. * * * @@ -352,28 +421,66 @@ sized_binary_t *make_atoms_case_insensitive(const sized_binary_t *src, const tra * * ******************************************************************************/ -sized_binary_t *make_atoms_from_masked_byte(bin_t value, bin_t mask, size_t *produced) +sized_binary_t *make_atoms_from_masked_bytes(const masked_byte_t *bytes, size_t len, size_t *produced) { sized_binary_t *result; /* Liste à retourner */ + size_t seq_len; /* Taille de séquence retenue */ + size_t repeat_times; /* Répétitions pour remplissage*/ + sized_binary_t *maxiter; /* Borne de fin de parcours */ size_t i; /* Boucle de parcours #1 */ + sized_binary_t *iter; /* Boucle de parcours #2 */ + size_t j; /* Boucle de parcours #3 */ + size_t k; /* Boucle de parcours #4 */ + + seq_len = (len > MASK_MAX_LEN_FOR_ATOMS ? MASK_MAX_LEN_FOR_ATOMS : len); - *produced = 16; + /** + * Si l'usage de la fonction pow() disparaît, la bibliothèque m + * peut être retirée de libchrysacore_la_LDFLAGS dans le Makefile + * principal. + */ + repeat_times = pow(16, seq_len - 1); + + *produced = 16 * repeat_times; /* Création du réceptacle */ - result = malloc(16 * sizeof(tracked_scan_atom_t)); + result = malloc(*produced * sizeof(tracked_scan_atom_t)); + + maxiter = result + *produced; /* Remplissage */ - for (i = 0; i < 16; i++) + for (i = 0; i < seq_len; i++) { - result[i].data = malloc(1); - result[i].len = 1; + for (iter = result; iter < maxiter; ) + { + for (j = 0; j < 16; j++) + { + assert(bytes[i].mask == 0x0f || bytes[i].mask == 0xf0); - if (mask == 0x0f) - result[i].data[0] = value | (i << 4); - else - result[i].data[0] = value | i; + for (k = 0; k < repeat_times; k++) + { + if (i == 0) + { + iter->data = malloc(seq_len); + iter->len = seq_len; + } + + if (bytes[i].mask == 0x0f) + iter->data[i] = bytes[i].value | (j << 4); + else + iter->data[i] = bytes[i].value | j; + + iter++; + + } + + } + + } + + repeat_times /= 16; } @@ -385,11 +492,10 @@ sized_binary_t *make_atoms_from_masked_byte(bin_t value, bin_t mask, size_t *pro /****************************************************************************** * * * Paramètres : raw = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * atom = informations de suivi constituées. [OUT] * * * -* Description : Enregistre l'atome déterminé d'une série d'octets. * +* Description : Amorce l'insertion de l'atome déterminé d'une série d'octets.* * * * Retour : Bilan de l'opération à renvoyer. * * * @@ -397,14 +503,38 @@ sized_binary_t *make_atoms_from_masked_byte(bin_t value, bin_t mask, size_t *pro * * ******************************************************************************/ -bool enroll_prepared_atom(const sized_binary_t *raw, GScanContext *context, GEngineBackend *backend, tracked_scan_atom_t *atom) +bool enroll_prepared_atom(const sized_binary_t *raw, GEngineBackend *backend, tracked_scan_atom_t *atom) { bool result; /* Statut à retourner */ const bin_t *data; /* Données à rechercher */ - data = raw->data + atom->pos; + data = raw->static_bin_data + atom->pos; + + result = g_engine_backend_enroll_plain_pattern(backend, data, atom->len, atom->tmp_id); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : atom = informations de suivi constituées. [OUT] * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool build_atom_pattern_id(tracked_scan_atom_t *atom, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ - atom->pid = g_engine_backend_enroll_plain_pattern(backend, context, data, atom->len); + atom->pid = g_engine_backend_build_plain_pattern_id(backend, atom->tmp_id); result = (atom->pid != INVALID_PATTERN_ID); diff --git a/src/analysis/scan/patterns/tokens/atom.h b/src/analysis/scan/patterns/tokens/atom.h index 2fbc19e..1ef8f40 100644 --- a/src/analysis/scan/patterns/tokens/atom.h +++ b/src/analysis/scan/patterns/tokens/atom.h @@ -29,9 +29,7 @@ #include "../backend.h" -#include "../../context.h" #include "../../../../arch/vmpa.h" -#include "../../../../common/bits.h" #include "../../../../common/szstr.h" @@ -43,16 +41,22 @@ typedef struct _tracked_scan_atom_t phys_t len; /* Taille de ladite sélection */ phys_t rem; /* Reste après l'atome */ + bool fast_check; /* Besoin de vérifications ? */ + + uint32_t tmp_id[2]; /* Couple d'identifiants temp. */ + patid_t pid; /* Identifiant de la bribe */ } tracked_scan_atom_t; - /* Note l'intêret de rechercher un octet particulier. */ -int rate_byte_quality(bin_t, bitfield_t *, size_t *); +int rate_byte_quality(bin_t, uint8_t *, size_t *, size_t *); + +/* Annihile l'intêret de rechercher un octet particulier. */ +int unrate_byte_quality(bin_t, uint8_t *, size_t *, size_t *); /* Termine la notation d'un ensemble d'octets. */ -int finish_quality_rating(const bitfield_t *, size_t); +int finish_quality_rating(int, size_t, size_t); /* Détermine la portion idéale de recherche. */ void find_best_atom(const sized_binary_t *, size_t , tracked_scan_atom_t *, size_t *); @@ -60,11 +64,24 @@ void find_best_atom(const sized_binary_t *, size_t , tracked_scan_atom_t *, size /* Etablit la liste des cas de figures ignorant la casse. */ sized_binary_t *make_atoms_case_insensitive(const sized_binary_t *, const tracked_scan_atom_t *, size_t); -/* Etablit la liste des cas de figures avec un octet partiel. */ -sized_binary_t *make_atoms_from_masked_byte(bin_t, bin_t, size_t *); +/* Mémorisation d'un octet visé avec son masque */ +typedef struct _masked_byte_t +{ + bin_t value; /* Valeur de l'octet visé */ + bin_t mask; /* Masque à appliquer */ + +} masked_byte_t; + +#define MASK_MAX_LEN_FOR_ATOMS 2 + +/* Etablit la liste des cas de figures avec des octets partiels. */ +sized_binary_t *make_atoms_from_masked_bytes(const masked_byte_t *, size_t, size_t *); + +/* Amorce l'insertion de l'atome déterminé d'une série d'octets. */ +bool enroll_prepared_atom(const sized_binary_t *, GEngineBackend *, tracked_scan_atom_t *); -/* Enregistre l'atome déterminé d'une série d'octets. */ -bool enroll_prepared_atom(const sized_binary_t *, GScanContext *, GEngineBackend *, tracked_scan_atom_t *); +/* Récupère un identifiant final pour un atome d'octets. */ +bool build_atom_pattern_id(tracked_scan_atom_t *, GEngineBackend *); diff --git a/src/analysis/scan/patterns/tokens/hex-int.h b/src/analysis/scan/patterns/tokens/hex-int.h index 440f693..dca9848 100644 --- a/src/analysis/scan/patterns/tokens/hex-int.h +++ b/src/analysis/scan/patterns/tokens/hex-int.h @@ -36,14 +36,14 @@ /* Encadrement d'une recherche de morceaux de binaire (instance) */ struct _GScanHexBytes { - GStringToken parent; /* A laisser en premier */ + GBytesToken parent; /* A laisser en premier */ }; /* Encadrement d'une recherche de morceaux de binaire (classe) */ struct _GScanHexBytesClass { - GStringTokenClass parent; /* A laisser en premier */ + GBytesTokenClass parent; /* A laisser en premier */ }; diff --git a/src/analysis/scan/patterns/tokens/hex.c b/src/analysis/scan/patterns/tokens/hex.c index 1fda597..89d7ca4 100644 --- a/src/analysis/scan/patterns/tokens/hex.c +++ b/src/analysis/scan/patterns/tokens/hex.c @@ -66,7 +66,7 @@ static void g_scan_hex_bytes_output_to_json(const GScanHexBytes *, GScanContext /* Indique le type défini pour une suite d'octets à retrouver dans un binaire. */ -G_DEFINE_TYPE(GScanHexBytes, g_scan_hex_bytes, G_TYPE_STRING_TOKEN); +G_DEFINE_TYPE(GScanHexBytes, g_scan_hex_bytes, G_TYPE_BYTES_TOKEN); /****************************************************************************** @@ -200,7 +200,7 @@ bool g_scan_hex_bytes_create(GScanHexBytes *bytes, GScanTokenNode *root, bool pr { bool result; /* Bilan à retourner */ - result = g_string_token_create(G_STRING_TOKEN(bytes), root, false, private); + result = g_bytes_token_create(G_BYTES_TOKEN(bytes), root, false, private); return result; diff --git a/src/analysis/scan/patterns/tokens/node-int.h b/src/analysis/scan/patterns/tokens/node-int.h index 091a5be..520e2a4 100644 --- a/src/analysis/scan/patterns/tokens/node-int.h +++ b/src/analysis/scan/patterns/tokens/node-int.h @@ -28,9 +28,9 @@ #include "node.h" -#include "offset.h" - +/* Communique l'intérêt d'un noeud au sein d'une analyse. */ +typedef float (* compute_scan_token_node_weight_fc) (const GScanTokenNode *); /* Prend acte d'une nouvelle propriété pour le noeud. */ typedef void (* apply_scan_token_node_flags_fc) (GScanTokenNode *, ScanTokenNodeFlags); @@ -38,23 +38,30 @@ typedef void (* apply_scan_token_node_flags_fc) (GScanTokenNode *, ScanTokenNode /* Noeuds clefs de l'arborescence mise en place */ typedef struct _scan_tree_points_t { - GScanTokenNode *first_node; /* Premier noeud de traitement */ - GScanTokenNode *last_node; /* Dernier noeud de traitement */ - GScanTokenNode *first_plain; /* Premier noeud textuel */ GScanTokenNode *best_masked; /* Noeud masqué le plus long */ } scan_tree_points_t; - /* Parcourt une arborescence de noeuds et y relève des éléments. */ typedef void (* visit_scan_token_node_fc) (GScanTokenNode *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -typedef bool (* enroll_scan_token_node_fc) (GScanTokenNode *, GScanContext *, GEngineBackend *, size_t, size_t *); +typedef bool (* enroll_scan_token_node_fc) (GScanTokenNode *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +typedef bool (* build_scan_token_node_id_fc) (GScanTokenNode *, GEngineBackend *); + +typedef enum _TokenNodeCheckFlags +{ + TNCF_UPDATE_IN_PLACE = (1 << 0), /* Actualisation de l'entrée */ + TNCF_CREATE_NEW = (1 << 1), /* Allocation de positions */ + TNCF_KEEP_DISCARDED = (1 << 2), /* Inversion des résultats */ + +} TokenNodeCheckFlags; /* Transforme les correspondances locales en trouvailles. */ -typedef void (* check_scan_token_node_fc) (const GScanTokenNode *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +typedef void (* check_scan_token_node_fc) (const GScanTokenNode *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Décomposition d'un motif de recherche en atomes (instance) */ @@ -71,10 +78,12 @@ struct _GScanTokenNodeClass { GObjectClass parent; /* A laisser en premier */ + compute_scan_token_node_weight_fc compute_weight; /* Evaluation */ + visit_scan_token_node_fc visit; /* Phase de répérage initial */ apply_scan_token_node_flags_fc apply; /* Prise en compte de fanions */ - visit_scan_token_node_fc visit; /* Phase de répérage initial */ enroll_scan_token_node_fc enroll; /* Inscription d'un motif */ + build_scan_token_node_id_fc build_id; /* Récupération d'identifiant */ check_scan_token_node_fc check_forward; /* Conversion en trouvailles */ check_scan_token_node_fc check_backward;/* Conversion en trouvailles */ @@ -86,13 +95,13 @@ struct _GScanTokenNodeClass void g_scan_token_node_visit(GScanTokenNode *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -bool _g_scan_token_node_enroll(GScanTokenNode *, GScanContext *, GEngineBackend *, size_t, size_t *); +bool _g_scan_token_node_enroll(GScanTokenNode *, GEngineBackend *, size_t, size_t *); /* Transforme les correspondances locales en trouvailles. */ -void _g_scan_token_node_check_forward(const GScanTokenNode *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +void _g_scan_token_node_check_forward(const GScanTokenNode *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -void _g_scan_token_node_check_backward(const GScanTokenNode *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +void _g_scan_token_node_check_backward(const GScanTokenNode *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); diff --git a/src/analysis/scan/patterns/tokens/node.c b/src/analysis/scan/patterns/tokens/node.c index cdbad4f..767cc6d 100644 --- a/src/analysis/scan/patterns/tokens/node.c +++ b/src/analysis/scan/patterns/tokens/node.c @@ -143,6 +143,38 @@ static void g_scan_token_node_finalize(GScanTokenNode *node) * * * Paramètres : node = noeud de motif à consulter. * * * +* Description : Communique l'intérêt d'un noeud au sein d'une analyse. * +* * +* Retour : Poids de l'importance pour un départ de scan. * +* * +* Remarques : - * +* * +******************************************************************************/ + +float g_scan_token_node_compute_weight_for_scan(const GScanTokenNode *node) +{ + float result; /* Valeur à retourner */ + GScanTokenNodeClass *class; /* Classe de l'instance */ + + class = G_SCAN_TOKEN_NODE_GET_CLASS(node); + + if (class->compute_weight != NULL) + result = class->compute_weight(node); + else + result = 0; + + return result; + +} + + + + + +/****************************************************************************** +* * +* Paramètres : node = noeud de motif à consulter. * +* * * Description : Indique les propriétés particulières d'un noeud d'analyse. * * * * Retour : Propriétés particulières associées au noeud. * @@ -206,15 +238,6 @@ void g_scan_token_node_visit(GScanTokenNode *node, scan_tree_points_t *points) { GScanTokenNodeClass *class; /* Classe de l'instance */ - if (node->flags & STNF_PROD) - { - if (points->first_node == NULL) - points->first_node = node; - - points->last_node = node; - - } - class = G_SCAN_TOKEN_NODE_GET_CLASS(node); if (class->visit != NULL) @@ -243,9 +266,6 @@ bool g_scan_token_node_setup_tree(GScanTokenNode *node) /* Phase de localisation */ - points.first_node = NULL; - points.last_node = NULL; - points.first_plain = NULL; points.best_masked = NULL; @@ -253,8 +273,8 @@ bool g_scan_token_node_setup_tree(GScanTokenNode *node) /* Phase d'application */ - //g_scan_token_node_set_flags(points.first_node, STNF_FIRST); - //g_scan_token_node_set_flags(points.last_node, STNF_LAST); + g_scan_token_node_set_flags(node, STNF_FIRST); + g_scan_token_node_set_flags(node, STNF_LAST); if (points.first_plain != NULL) main = points.first_plain; @@ -263,11 +283,11 @@ bool g_scan_token_node_setup_tree(GScanTokenNode *node) main = points.best_masked; else - main = node;//points.first_node; + main = node; g_scan_token_node_set_flags(main, STNF_MAIN); - result = (main != node/*points.first_node*/); + result = (main != node); return result; @@ -277,7 +297,6 @@ bool g_scan_token_node_setup_tree(GScanTokenNode *node) /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -290,14 +309,14 @@ bool g_scan_token_node_setup_tree(GScanTokenNode *node) * * ******************************************************************************/ -bool _g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +bool _g_scan_token_node_enroll(GScanTokenNode *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ GScanTokenNodeClass *class; /* Classe de l'instance */ class = G_SCAN_TOKEN_NODE_GET_CLASS(node); - result = class->enroll(node, context, backend, maxsize, slow); + result = class->enroll(node, backend, maxsize, slow); return result; @@ -307,7 +326,6 @@ bool _g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEng /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -320,7 +338,7 @@ bool _g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEng * * ******************************************************************************/ -bool g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +bool g_scan_token_node_enroll(GScanTokenNode *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ @@ -328,7 +346,37 @@ bool g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEngi *slow = 0; - result = _g_scan_token_node_enroll(node, context, backend, maxsize, slow); + result = _g_scan_token_node_enroll(node, backend, maxsize, slow); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_scan_token_node_build_id(GScanTokenNode *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + GScanTokenNodeClass *class; /* Classe de l'instance */ + + class = G_SCAN_TOKEN_NODE_GET_CLASS(node); + + if (class->build_id == NULL) + result = true; + else + result = class->build_id(node, backend); return result; @@ -337,13 +385,10 @@ bool g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEngi /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -353,7 +398,7 @@ bool g_scan_token_node_enroll(GScanTokenNode *node, GScanContext *context, GEngi * * ******************************************************************************/ -void _g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +void _g_scan_token_node_check_forward(const GScanTokenNode *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { GScanTokenNodeClass *class; /* Classe de l'instance */ @@ -365,17 +410,15 @@ void _g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext * class = G_SCAN_TOKEN_NODE_GET_CLASS(node); - class->check_forward(node, context, content, matches, offset, not, skip); + class->check_forward(node, params, cflags, skip); } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -385,9 +428,9 @@ void _g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext * * * ******************************************************************************/ -void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *context, GBinContent *content, pending_matches_t *matches) +void g_scan_token_node_check_forward(const GScanTokenNode *node, scan_node_check_params_t *params) { - node_search_offset_t offset; /* Espace des correspondances */ + node_search_offset_t offset; /* Espace des correspondances */ bool skip; /* Mise en attente des analyses*/ size_t ocount; /* Quantité de bornes présentes*/ node_offset_range_t * const *ranges_ptr;/* Bornes d'espace à parcourir */ @@ -400,11 +443,14 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c const node_offset_range_t *range; /* Bornes d'espace à parcourir */ phys_t new_end; /* Nouveau point d'arrivée */ - init_node_search_offset(&offset); + init_node_search_offset(¶ms->offset); skip = true; - _g_scan_token_node_check_forward(node, context, content, matches, &offset, false, &skip); + _g_scan_token_node_check_forward(node, params, TNCF_UPDATE_IN_PLACE, &skip); + + +#if 0 // FIXME /** * Si un décalage entre octets n'a pas été consommé, @@ -415,6 +461,50 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c if (ocount > 0) { + /** + * Dans le cas où un unique noeud ne renvoie que vers un espace (par + * exemple : "$a = { [0] }"), il n'y a pas de résultats, donc pas + * d'initialisation. + * + * La réinitialisation des décomptes va tiquer pour cet état. La + * phase d'extension des résultats inexistants est ainsi sautée. + */ + if (count_pending_matches(matches) == 0) + { + + + for (o = 0; o < ocount; o++) + { + range = (*ranges_ptr) + o; + + + printf("range: %u - %u\n", + (unsigned int)range->min, + (unsigned int)range->max); + + + /* + new_end = old_end + range->min; + + if (new_end > matches->content_end) + new_end = matches->content_end; + + add_pending_match(pending_matches_t *, phys_t, phys_t); + + extend_pending_match_ending(matches, p, new_end); + */ + + } + + + + + + + goto offset_done; + + } + reset_pending_matches_ttl(matches); pending_ptr = get_all_pending_matches(matches, &pcount); @@ -446,26 +536,27 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c */ /* purge_pending_matches(matches); */ + offset_done: + disable_all_ranges_in_node_search_offset(&offset); } assert(offset.used == 0); - exit_node_search_offset(&offset); +#endif + + exit_node_search_offset(¶ms->offset); } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -475,13 +566,13 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c * * ******************************************************************************/ -void _g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +void _g_scan_token_node_check_backward(const GScanTokenNode *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { GScanTokenNodeClass *class; /* Classe de l'instance */ class = G_SCAN_TOKEN_NODE_GET_CLASS(node); - class->check_backward(node, context, content, matches, offset, not, skip); + class->check_backward(node, params, cflags, skip); if (node->flags & STNF_MAIN) { @@ -494,10 +585,8 @@ void _g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -507,7 +596,7 @@ void _g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext * * ******************************************************************************/ -void g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext *context, GBinContent *content, pending_matches_t *matches) +void g_scan_token_node_check_backward(const GScanTokenNode *node, scan_node_check_params_t *params) { node_search_offset_t offset; /* Espace des correspondances */ bool skip; /* Mise en attente des analyses*/ @@ -522,11 +611,13 @@ void g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext * const node_offset_range_t *range; /* Bornes d'espace à parcourir */ phys_t new_start; /* Nouveau point d'arrivée */ - init_node_search_offset(&offset); + init_node_search_offset(¶ms->offset); skip = true; - _g_scan_token_node_check_backward(node, context, content, matches, &offset, false, &skip); + _g_scan_token_node_check_backward(node, params, TNCF_UPDATE_IN_PLACE, &skip); + +#if 0 // FIXME /** * Si un décalage entre octets n'a pas été consommé, @@ -577,6 +668,8 @@ void g_scan_token_node_check_backward(const GScanTokenNode *node, GScanContext * assert(offset.used == 0); - exit_node_search_offset(&offset); +#endif + + exit_node_search_offset(¶ms->offset); } diff --git a/src/analysis/scan/patterns/tokens/node.h b/src/analysis/scan/patterns/tokens/node.h index a2e3b0d..5b1a247 100644 --- a/src/analysis/scan/patterns/tokens/node.h +++ b/src/analysis/scan/patterns/tokens/node.h @@ -29,9 +29,11 @@ #include <stdbool.h> +#include "offset.h" #include "../backend.h" #include "../../context.h" -#include "../../matches/pending.h" +#include "../../matches/bytes.h" +#include "../../../../glibext/umemslice.h" #define G_TYPE_SCAN_TOKEN_NODE g_scan_token_node_get_type() @@ -53,10 +55,9 @@ typedef struct _GScanTokenNodeClass GScanTokenNodeClass; typedef enum _ScanTokenNodeFlags { STNF_NONE = (0 << 0), /* Absence de singularité */ - STNF_PROD = (1 << 0), /* Absence de singularité */ - STNF_FIRST = (1 << 1), /* Premier noeud de traitement */ /* REMME ? */ - STNF_LAST = (1 << 2), /* Dernier noeud de traitement */ /* REMME ? */ - STNF_MAIN = (1 << 3), /* Point de départ d'analyse */ + STNF_FIRST = (1 << 0), /* Premier noeud de traitement */ + STNF_LAST = (1 << 1), /* Dernier noeud de traitement */ + STNF_MAIN = (1 << 2), /* Point de départ d'analyse */ } ScanTokenNodeFlags; @@ -64,6 +65,11 @@ typedef enum _ScanTokenNodeFlags /* Indique le type défini pour un élément décomposant un motif d'octets à rechercher. */ GType g_scan_token_node_get_type(void); +/* Communique l'intérêt d'un noeud au sein d'une analyse. */ +float g_scan_token_node_compute_weight_for_scan(const GScanTokenNode *); + + + /* Indique les propriétés particulières d'un noeud d'analyse. */ ScanTokenNodeFlags g_scan_token_node_get_flags(const GScanTokenNode *); @@ -74,13 +80,47 @@ void g_scan_token_node_set_flags(GScanTokenNode *, ScanTokenNodeFlags); bool g_scan_token_node_setup_tree(GScanTokenNode *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -bool g_scan_token_node_enroll(GScanTokenNode *, GScanContext *, GEngineBackend *, size_t, size_t *); +bool g_scan_token_node_enroll(GScanTokenNode *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +bool g_scan_token_node_build_id(GScanTokenNode *, GEngineBackend *); + +/* Accès direct aux éléments utiles aux contrôles */ +typedef struct _scan_node_check_params_t +{ + GScanContext *context; /* Contexte de scan en cours */ + GBinContent *content; /* Contenu binaire associé */ + GUMemSlice *allocator; /* Allocateur pour zones */ + + phys_t content_start; /* Point de début du contenu */ + phys_t content_end; /* Point de fin du contenu */ + + node_search_offset_t offset; /* Décalages à respecter */ + + bool initialized; /* Etat du suivi */ + + /* TNCF_UPDATE_IN_PLACE */ + + match_area_t *main_areas; /* Zones principales à analyser*/ + size_t main_count; /* Taille de cette liste */ + + /* TNCF_CREATE_NEW */ + + match_area_t *created_areas; /* Zones principales à analyser*/ + size_t created_count; /* Taille de cette liste */ + + /* TNCF_KEEP_DISCARDED */ + + match_area_t *kept_areas; /* Zones principales à analyser*/ + size_t kept_count; /* Taille de cette liste */ + +} scan_node_check_params_t; /* Transforme les correspondances locales en trouvailles. */ -void g_scan_token_node_check_forward(const GScanTokenNode *, GScanContext *, GBinContent *, pending_matches_t *); +void g_scan_token_node_check_forward(const GScanTokenNode *, scan_node_check_params_t *); /* Transforme les correspondances locales en trouvailles. */ -void g_scan_token_node_check_backward(const GScanTokenNode *, GScanContext *, GBinContent *, pending_matches_t *); +void g_scan_token_node_check_backward(const GScanTokenNode *, scan_node_check_params_t *); diff --git a/src/analysis/scan/patterns/tokens/nodes/any-int.h b/src/analysis/scan/patterns/tokens/nodes/any-int.h index 705aab3..dd2e2e7 100644 --- a/src/analysis/scan/patterns/tokens/nodes/any-int.h +++ b/src/analysis/scan/patterns/tokens/nodes/any-int.h @@ -52,7 +52,7 @@ struct _GScanTokenNodeAnyClass }; -/* Met en place un un noeud pointant une série d'octets. */ +/* Met en place un noeud pointant une série d'octets. */ bool g_scan_token_node_any_create(GScanTokenNodeAny *, const phys_t *, const phys_t *); diff --git a/src/analysis/scan/patterns/tokens/nodes/any.c b/src/analysis/scan/patterns/tokens/nodes/any.c index e5fb1d7..4334fff 100644 --- a/src/analysis/scan/patterns/tokens/nodes/any.c +++ b/src/analysis/scan/patterns/tokens/nodes/any.c @@ -52,13 +52,13 @@ static void g_scan_token_node_any_finalize(GScanTokenNodeAny *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *, GEngineBackend *, size_t, size_t *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_any_check_backward(const GScanTokenNodeAny *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_any_check_backward(const GScanTokenNodeAny *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -95,6 +95,7 @@ static void g_scan_token_node_any_class_init(GScanTokenNodeAnyClass *klass) node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->apply = (apply_scan_token_node_flags_fc)NULL; node->visit = (visit_scan_token_node_fc)NULL; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_any_enroll; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_any_check_forward; @@ -117,8 +118,6 @@ static void g_scan_token_node_any_class_init(GScanTokenNodeAnyClass *klass) static void g_scan_token_node_any_init(GScanTokenNodeAny *any) { - g_scan_token_node_set_flags(G_SCAN_TOKEN_NODE(any), STNF_PROD); - any->min = 0; any->has_max = false; @@ -196,7 +195,7 @@ GScanTokenNode *g_scan_token_node_any_new(const phys_t *min, const phys_t *max) * min = éventuelle quantité minimale à retrouver. * * max = éventuelle quantité maximale à retrouver. * * * -* Description : Met en place un un noeud pointant une série d'octets. * +* Description : Met en place un noeud pointant une série d'octets. * * * * Retour : Bilan de l'opération. * * * @@ -221,6 +220,9 @@ bool g_scan_token_node_any_create(GScanTokenNodeAny *any, const phys_t *min, con result = (any->min <= any->max); + if (result && any->min == any->max) + result = (any->min > 0); + } any->has_max = (max != NULL); @@ -230,6 +232,29 @@ bool g_scan_token_node_any_create(GScanTokenNodeAny *any, const phys_t *min, con } +/****************************************************************************** +* * +* Paramètres : any = séquence d'octets quelconques à étendre. * +* extra = étendue supplémentaire à intégrer. * +* * +* Description : Etend un noeud pointant une série d'octets. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_token_node_any_merge(GScanTokenNodeAny *any, GScanTokenNodeAny *extra) +{ + any->min += extra->min; + + if (any->has_max && extra->has_max) + any->max += extra->max; + +} + + /* ---------------------------------------------------------------------------------- */ /* IMPLEMENTATION DES FONCTIONS DE CLASSE */ @@ -239,7 +264,6 @@ bool g_scan_token_node_any_create(GScanTokenNodeAny *any, const phys_t *min, con /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -252,7 +276,7 @@ bool g_scan_token_node_any_create(GScanTokenNodeAny *any, const phys_t *min, con * * ******************************************************************************/ -static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ bool forced; /* Inclusion dans un scan ? */ @@ -271,13 +295,10 @@ static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *node, GScanContext * /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -287,66 +308,251 @@ static bool g_scan_token_node_any_enroll(GScanTokenNodeAny *node, GScanContext * * * ******************************************************************************/ -static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { - bool initialized; /* Initialisation du suivi ? */ + ScanTokenNodeFlags flags; /* Particularités du noeud */ bool forced; /* Inclusion dans un scan ? */ phys_t size; /* Quantité d'octets considérés*/ - const phys_t *datasize; /* Taille max. à communiquer */ + phys_t match_size; /* Taille de correspondance */ + phys_t i; /* Boucle de parcours #1 */ + match_area_t *space; /* Nouvelle zone à intégrer */ + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ + phys_t after; /* Espace disposible après */ + phys_t min_end; /* Fin la plus proche possible */ + phys_t max_end; /* Fin la plus éloignée trouvée*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours #2 */ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; + flags = g_scan_token_node_get_flags(G_SCAN_TOKEN_NODE(node)); - // $a = { [1-3] 6f } - // pas d'initialisation, construction de résultats avec une taille nulle + forced = (flags & STNF_MAIN); + assert((!params->initialized && forced) || (params->initialized & !forced)); + /** + * La situation forcée correspond au cas particulier d'une définition + * complètement abstraite : ??, ?? ??, etc. + */ + if (forced) + { + size = params->content_end - params->content_start; - initialized = are_pending_matches_initialized(matches); + if (node->has_max && 0 /* greedy ? */) + { + match_size = node->max; - forced = (g_scan_token_node_get_flags(G_SCAN_TOKEN_NODE(node)) & STNF_MAIN); + if (match_size > size) + match_size = node->min; + + } + else + match_size = node->min; + + /** + * Si le contenu binaire est trop petit pour contenir au moins un enregistrement, + * aucune correspondance n'est enregistrée. Comme le noeud est le principale, ie. + * seul et unique, l'analyse s'arrête ensuite d'elle même. + * + * Si le contenu binaire est suffisamment large, des espaces sont créés et l'analyse + * se termine ensuite. La conservation des espaces n'est donc pas utile, ni réalisée. + */ - size = matches->content_end - matches->content_start; + if (match_size <= size) + { + size -= (match_size - 1); - datasize = (not ? &size : NULL); + assert(cflags & TNCF_UPDATE_IN_PLACE); - if (forced) - { - assert(!initialized); + for (i = 0; i < size; i++) + { + space = g_umem_slice_alloc(params->allocator); - if (node->min > size) - /* TODO set abort in matches */; + space->start = params->content_start + i; + space->end = space->start + match_size; - else - add_range_to_node_search_offset(offset, - matches->content_start, - matches->content_end - matches->content_start, - datasize); + add_tail_match_area(space, ¶ms->main_areas); + + } + + params->main_count += size; + + } } + + /** + * Situation usuelle : des espaces séparent deux noeuds. + */ else { - assert(initialized); + assert(params->initialized); + + /** + * Les espaces existants sont à compléter. La présence de tels espaces + * restant à traiter peut provenir d'un aiguillage imposé par un motif + * tel que : + * + * ( aa ?? ?? | bb cc dd ) [0-5] ee ee + * + * Deux espaces sont à considérer avant de rechercher des octets ee : + * [2-7] et [0-5]. + * + * Note : ces espaces peuvent être disjoints. + * + * Si aucun espace n'est en place, un est créé. + */ + extend_node_search_offset(¶ms->offset, node->min, node->max, node->has_max); - // TODO : compléter les intervales éventuels déjà en place + /** + * Si un décalage enregistré ne peut être consommé par un noeud, les + * résultats sont étendus ici à minima ou maxima. + */ + if (flags & STNF_LAST) + { + assert(offsets_exist(¶ms->offset)); - /* - printf("[i] create hole: %llx <-> %llx\n", - (unsigned long long)node->min, - (unsigned long long)node->max); - */ + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); + for_each_match_area_safe(area, ¶ms->main_areas, next) + { + assert(area->end <= params->content_end); - if (node->has_max) - add_range_to_node_search_offset(offset, node->min, node->max, datasize); - else - add_range_to_node_search_offset(offset, node->min, matches->content_end - node->min, datasize); + after = params->content_end - area->end; + + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); + + min_end = params->content_end; + max_end = params->content_start; + + updated = false; + + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); + + for (r = 0; r < rcount; r++) + { + if (ranges[r].min > after) + continue; + + updated_edge = area->end + ranges[r].min; + + if (updated_edge < min_end) + min_end = updated_edge; + + if (ranges[r].has_max) + { + if (ranges[r].max > after) + updated_edge = params->content_end; + else + updated_edge = area->end + ranges[r].max; + + if (updated_edge > max_end) + max_end = updated_edge; + + } + + updated = true; + + } + + if (updated) + { + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ + + if ((cflags & TNCF_KEEP_DISCARDED) == 0) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + area->end = (1 /* greedy */ ? min_end : max_end); + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->end = (1 /* greedy */ ? min_end : max_end); + + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } - // TODO : si dernier, virer les correspondances qui n'ont plus l'espace de fin requis - // -> au niveau du noeud, en fonction du flag _LAST + else + { + /** + * Si la liste principale doit être mise à jour... + */ + + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->end = (1 /* greedy */ ? min_end : max_end); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + } + + disable_all_ranges_in_node_search_offset(¶ms->offset); + + } } @@ -355,13 +561,10 @@ static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *node, G /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -371,55 +574,191 @@ static void g_scan_token_node_any_check_forward(const GScanTokenNodeAny *node, G * * ******************************************************************************/ -static void g_scan_token_node_any_check_backward(const GScanTokenNodeAny *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_any_check_backward(const GScanTokenNodeAny *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { + ScanTokenNodeFlags flags; /* Particularités du noeud */ #ifndef NDEBUG bool forced; /* Inclusion dans un scan ? */ #endif - phys_t size; /* Quantité d'octets considérés*/ - const phys_t *datasize; /* Taille max. à communiquer */ + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ + phys_t before; /* Espace disposible avant */ + phys_t min_start; /* Début le plus proche trouvé */ + phys_t max_start; /* Début le plus distant trouvé*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours */ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; /** * En lecture à rebourd, au moins un noeud a été solicité pour analyse (lors - * du sens de lecteur normal). Donc l'initialisation a déjà dû avoir lieu. + * du sens de lecture normal). Donc l'initialisation a déjà dû avoir lieu. */ - assert(are_pending_matches_initialized(matches)); + + assert(params->initialized); + + flags = g_scan_token_node_get_flags(G_SCAN_TOKEN_NODE(node)); /** * Si les recherches associées au noeud ont été forcées, alors les traitements * liés ont déjà été effectués, et l'appel de cette fonction aurait dû être sauté. */ #ifndef NDEBUG - forced = (g_scan_token_node_get_flags(G_SCAN_TOKEN_NODE(node)) & STNF_MAIN); + forced = (flags & STNF_MAIN); assert(!forced); #endif - size = matches->content_end - matches->content_start; + /** + * Les considérations pour l'extension des espaces en place sont identiques + * à celles formulées dans la fonction g_scan_token_node_any_check_forward(). + */ - if (node->min > size) - /* TODO set abort in matches */; + extend_node_search_offset(¶ms->offset, node->min, node->max, node->has_max); - else + /** + * Si un décalage enregistré ne peut être consommé par un noeud, les + * résultats sont étendus ici à minima ou maxima. + */ + + if (flags & STNF_FIRST) { - datasize = (not ? &size : NULL); + assert(offsets_exist(¶ms->offset)); - /** - * Une tolérance basée sur des espaces (et non des positions) est déterminée - * ici. - * - * Charge au prochain noeud de traitement de filtrer les résultats courants - * avec, voire à la fonction _g_scan_token_node_check_backward() de - * réaliser une synthèse finale si le noeud courant est le dernier d'une - * lignée. - */ + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); - if (node->has_max) - add_range_to_node_search_offset(offset, node->min, node->max, datasize); - else - add_range_to_node_search_offset(offset, node->min, matches->content_end - node->min, datasize); + for_each_match_area_safe(area, ¶ms->main_areas, next) + { + assert(params->content_start <= area->start); + + before = area->start - params->content_start; + + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); + + min_start = params->content_start; + max_start = params->content_end; + + updated = false; + + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); + + for (r = 0; r < rcount; r++) + { + if (ranges[r].min > before) + continue; + + updated_edge = area->start - ranges[r].min; + + if (updated_edge > min_start) + min_start = updated_edge; + + if (ranges[r].has_max) + { + if (ranges[r].max > before) + updated_edge = params->content_start; + else + updated_edge = area->start - ranges[r].max; + + if (updated_edge < max_start) + max_start = updated_edge; + + } + + updated = true; + + } + + if (updated) + { + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ + + if ((cflags & TNCF_KEEP_DISCARDED) == 0) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + area->start = (1 /* greedy */ ? min_start : max_start); + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + else + { + /** + * Si la liste principale doit être mise à jour... + */ + + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + } + + disable_all_ranges_in_node_search_offset(¶ms->offset); } diff --git a/src/analysis/scan/patterns/tokens/nodes/any.h b/src/analysis/scan/patterns/tokens/nodes/any.h index 6a5628a..9b2233f 100644 --- a/src/analysis/scan/patterns/tokens/nodes/any.h +++ b/src/analysis/scan/patterns/tokens/nodes/any.h @@ -53,6 +53,9 @@ GType g_scan_token_node_any_get_type(void); /* Construit un noeud pointant une série d'octets quelconques. */ GScanTokenNode *g_scan_token_node_any_new(const phys_t *, const phys_t *); +/* Etend un noeud pointant une série d'octets. */ +void g_scan_token_node_any_merge(GScanTokenNodeAny *, GScanTokenNodeAny *); + #endif /* _ANALYSIS_SCAN_PATTERNS_TOKENS_NODES_ANY_H */ diff --git a/src/analysis/scan/patterns/tokens/nodes/choice.c b/src/analysis/scan/patterns/tokens/nodes/choice.c index df6ae45..2a5e5f5 100644 --- a/src/analysis/scan/patterns/tokens/nodes/choice.c +++ b/src/analysis/scan/patterns/tokens/nodes/choice.c @@ -24,6 +24,9 @@ #include "choice.h" +#include <assert.h> + + #include "choice-int.h" @@ -48,6 +51,9 @@ static void g_scan_token_node_choice_finalize(GScanTokenNodeChoice *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Communique l'intérêt d'un noeud au sein d'une analyse. */ +static float g_scan_token_node_choice_compute_weight_for_scan(const GScanTokenNodeChoice *); + /* Prend acte d'une nouvelle propriété pour le noeud. */ static void g_scan_token_node_choice_apply_flags(GScanTokenNodeChoice *, ScanTokenNodeFlags); @@ -55,13 +61,16 @@ static void g_scan_token_node_choice_apply_flags(GScanTokenNodeChoice *, ScanTok static void g_scan_token_node_choice_visit(GScanTokenNodeChoice *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +static bool g_scan_token_node_choice_build_id(GScanTokenNodeChoice *, GEngineBackend *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_choice_check_forward(const GScanTokenNodeChoice *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_choice_check_forward(const GScanTokenNodeChoice *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_choice_check_backward(const GScanTokenNodeChoice *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_choice_check_backward(const GScanTokenNodeChoice *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -98,9 +107,11 @@ static void g_scan_token_node_choice_class_init(GScanTokenNodeChoiceClass *klass node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->compute_weight = (compute_scan_token_node_weight_fc)g_scan_token_node_choice_compute_weight_for_scan; node->apply = (apply_scan_token_node_flags_fc)g_scan_token_node_choice_apply_flags; node->visit = (visit_scan_token_node_fc)g_scan_token_node_choice_visit; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_choice_enroll; + node->build_id = (build_scan_token_node_id_fc)g_scan_token_node_choice_build_id; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_choice_check_forward; node->check_backward = (check_scan_token_node_fc)g_scan_token_node_choice_check_backward; @@ -227,6 +238,51 @@ void g_scan_token_node_choice_add(GScanTokenNodeChoice *choice, GScanTokenNode * /****************************************************************************** * * +* Paramètres : node = noeud de motif à consulter. * +* * +* Description : Communique l'intérêt d'un noeud au sein d'une analyse. * +* * +* Retour : Poids de l'importance pour un départ de scan. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static float g_scan_token_node_choice_compute_weight_for_scan(const GScanTokenNodeChoice *node) +{ + float result; /* Valeur à retourner */ + size_t weight_count; /* Nombre de comptabilisations */ + size_t i; /* Boucle de parcours */ + float weight; /* Nouveau poids à intégrer */ + + result = 0; + + weight_count = 0; + + for (i = 0; i < node->count; i++) + { + weight = g_scan_token_node_compute_weight_for_scan(node->children[i]); + + if (weight > 0) + { + result += weight; + weight_count++; + } + + } + + if (weight_count != node->count) + result = 0; + else + result /= weight_count; + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : node = noeud de motif à mettre à jour. * * flags = propriétés particulières à associer au noeud. * * * @@ -274,9 +330,6 @@ static void g_scan_token_node_choice_visit(GScanTokenNodeChoice *node, scan_tree for (i = 0; i < node->count; i++) { - tmp_points.first_node = NULL; - tmp_points.last_node = NULL; - tmp_points.first_plain = NULL; tmp_points.best_masked = NULL; @@ -296,7 +349,6 @@ static void g_scan_token_node_choice_visit(GScanTokenNodeChoice *node, scan_tree /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -309,7 +361,7 @@ static void g_scan_token_node_choice_visit(GScanTokenNodeChoice *node, scan_tree * * ******************************************************************************/ -static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ size_t i; /* Boucle de parcours */ @@ -317,7 +369,7 @@ static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *node, GScanCon result = true; for (i = 0; i < node->count && result; i++) - result = _g_scan_token_node_enroll(node->children[i], context, backend, maxsize, slow); + result = _g_scan_token_node_enroll(node->children[i], backend, maxsize, slow); return result; @@ -326,13 +378,38 @@ static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *node, GScanCon /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_node_choice_build_id(GScanTokenNodeChoice *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = true; + + for (i = 0; i < node->count && result; i++) + result = g_scan_token_node_build_id(node->children[i], backend); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -342,78 +419,117 @@ static bool g_scan_token_node_choice_enroll(GScanTokenNodeChoice *node, GScanCon * * ******************************************************************************/ -static void g_scan_token_node_choice_check_forward(const GScanTokenNodeChoice *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_choice_check_forward(const GScanTokenNodeChoice *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { - pending_matches_t init_matches; /* Correspondances initiales */ - node_search_offset_t init_offset; /* Intervales initiaux */ - size_t new_offset; /* Décompte d'intervales */ + bool initialized; /* Initialisation du suivi ? */ + match_area_t *collected_areas; /* Zones mises en place ici */ + size_t collected_count; /* Quantité de ces zones */ + TokenNodeCheckFlags local_cflags; /* Particularités nouvelles */ size_t i; /* Boucle de parcours */ - pending_matches_t tmp_matches; /* Copie locale de travail #1 */ - node_search_offset_t tmp_offset; /* Copie locale de travail #2 */ + scan_node_check_params_t local_params; /* Rassemblement de paramètres */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; - /* Copie des contextes de départ */ + /* Lancement des sous-traitements */ - copy_pending_matches(&init_matches, matches); + initialized = false; - exit_pending_matches(matches); - init_pending_matches(matches, &init_matches.content_start, &init_matches.content_end); + collected_areas = NULL; + collected_count = 0; - copy_node_search_offset(&init_offset, offset); + local_cflags = (cflags & ~TNCF_UPDATE_IN_PLACE) | TNCF_CREATE_NEW; - exit_node_search_offset(offset); - init_node_search_offset(offset); + for (i = 0; i < node->count; i++) + { + local_params = *params; - /* Lancement des sous-traitements */ + local_params.created_areas = NULL; + local_params.created_count = 0; - new_offset = 0; + local_params.kept_areas = NULL; + local_params.kept_count = 0; - for (i = 0; i < node->count; i++) - { - copy_pending_matches(&tmp_matches, &init_matches); - copy_node_search_offset(&tmp_offset, &init_offset); + if ((cflags & TNCF_CREATE_NEW) == 0 && (i + 1) == node->count) + local_cflags = cflags; + + _g_scan_token_node_check_forward(node->children[i], &local_params, local_cflags, skip); - _g_scan_token_node_check_forward(node->children[i], context, content, - &tmp_matches, &tmp_offset, not, skip); + initialized |= local_params.initialized; - merge_pending_matches(matches, &tmp_matches); - merge_node_search_offset(offset, &tmp_offset); + if (local_cflags & TNCF_KEEP_DISCARDED) + { + merge_match_areas(&collected_areas, &local_params.kept_areas); + collected_count += local_params.kept_count; + } - if (tmp_offset.used > 0) - new_offset++; + else if (local_cflags & TNCF_CREATE_NEW) + { + merge_match_areas(&collected_areas, &local_params.created_areas); + collected_count += local_params.created_count; + } - exit_pending_matches(&tmp_matches); - exit_node_search_offset(&tmp_offset); + else + { + assert(local_cflags & TNCF_UPDATE_IN_PLACE); + + merge_match_areas(&collected_areas, &local_params.main_areas); + collected_count += local_params.main_count; + + } } - /* Sortie propre */ + /* Enregistrement des résultats finaux */ - exit_pending_matches(&init_matches); - exit_node_search_offset(&init_offset); + if (collected_count > 1) + sort_match_areas_no_dup(&collected_areas, &collected_count, compare_match_area_as_dl_item, NULL); - /* "Alternative" directe en cas de motif(s) non terminé(s) par un intervale */ + if (0x0) printf("[%s] collected: #%zu (bis)\n", __FUNCTION__, collected_count); - if (new_offset != node->count) + params->initialized = initialized; + + if (cflags & TNCF_KEEP_DISCARDED) { - assert(node->count > 1); - add_range_to_node_search_offset(offset, 0, 0, NULL); + params->kept_areas = collected_areas; + params->kept_count = collected_count; } + else if (cflags & TNCF_CREATE_NEW) + { + params->created_areas = collected_areas; + params->created_count = collected_count; + } + + else + { + assert(cflags & TNCF_UPDATE_IN_PLACE); + + params->main_areas = collected_areas; + params->main_count = collected_count; + + } + + + + + + /// TODO : gestion des offets en sortie : ajout (+ ajout d'un test en Python) + + + + } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offsets = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -423,64 +539,108 @@ static void g_scan_token_node_choice_check_forward(const GScanTokenNodeChoice *n * * ******************************************************************************/ -static void g_scan_token_node_choice_check_backward(const GScanTokenNodeChoice *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_choice_check_backward(const GScanTokenNodeChoice *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { - pending_matches_t init_matches; /* Correspondances initiales */ - node_search_offset_t init_offset; /* Intervales initiaux */ - size_t new_offset; /* Décompte d'intervales */ + match_area_t *collected_areas; /* Zones mises en place ici */ + size_t collected_count; /* Quantité de ces zones */ + TokenNodeCheckFlags local_cflags; /* Particularités nouvelles */ size_t i; /* Boucle de parcours */ - pending_matches_t tmp_matches; /* Copie locale de travail #1 */ - node_search_offset_t tmp_offset; /* Copie locale de travail #2 */ + scan_node_check_params_t local_params; /* Rassemblement de paramètres */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; - /* Copie des contextes de départ */ + /** + * En lecture à rebourd, au moins un noeud a été solicité pour analyse (lors + * du sens de lecture normal). Donc l'initialisation a déjà dû avoir lieu. + */ - copy_pending_matches(&init_matches, matches); - - exit_pending_matches(matches); - init_pending_matches(matches, &init_matches.content_start, &init_matches.content_end); - - copy_node_search_offset(&init_offset, offset); - - exit_node_search_offset(offset); - init_node_search_offset(offset); + assert(params->initialized); /* Lancement des sous-traitements */ - new_offset = 0; + collected_areas = NULL; + collected_count = 0; + + local_cflags = (cflags & ~TNCF_UPDATE_IN_PLACE) | TNCF_CREATE_NEW; for (i = 0; i < node->count; i++) { - copy_pending_matches(&tmp_matches, &init_matches); - copy_node_search_offset(&tmp_offset, &init_offset); + local_params = *params; + + local_params.created_areas = NULL; + local_params.created_count = 0; + + local_params.kept_areas = NULL; + local_params.kept_count = 0; + + if ((cflags & TNCF_CREATE_NEW) == 0 && (i + 1) == node->count) + local_cflags = cflags; - _g_scan_token_node_check_backward(node->children[i], context, content, - &tmp_matches, &tmp_offset, not, skip); + _g_scan_token_node_check_backward(node->children[i], &local_params, local_cflags, skip); - merge_pending_matches(matches, &tmp_matches); - merge_node_search_offset(offset, &tmp_offset); + if (local_cflags & TNCF_KEEP_DISCARDED) + { + merge_match_areas(&collected_areas, &local_params.kept_areas); + collected_count += local_params.kept_count; + } - if (tmp_offset.used > 0) - new_offset++; + else if (local_cflags & TNCF_CREATE_NEW) + { + merge_match_areas(&collected_areas, &local_params.created_areas); + collected_count += local_params.created_count; + } - exit_pending_matches(&tmp_matches); - exit_node_search_offset(&tmp_offset); + else + { + assert(local_cflags & TNCF_UPDATE_IN_PLACE); + + merge_match_areas(&collected_areas, &local_params.main_areas); + collected_count += local_params.main_count; + + } } - /* Sortie propre */ + /* Enregistrement des résultats finaux */ - exit_pending_matches(&init_matches); - exit_node_search_offset(&init_offset); + if (collected_count > 1) + sort_match_areas_no_dup(&collected_areas, &collected_count, compare_match_area_as_dl_item, NULL); - /* "Alternative" directe en cas de motif(s) non terminé(s) par un intervale */ + if (0x0) printf("[%s] collected: #%zu (bis)\n", __FUNCTION__, collected_count); - if (new_offset != node->count) + if (cflags & TNCF_KEEP_DISCARDED) { - assert(node->count > 1); - add_range_to_node_search_offset(offset, 0, 0, NULL); + params->kept_areas = collected_areas; + params->kept_count = collected_count; } + else if (cflags & TNCF_CREATE_NEW) + { + params->created_areas = collected_areas; + params->created_count = collected_count; + } + + else + { + assert(cflags & TNCF_UPDATE_IN_PLACE); + + params->main_areas = collected_areas; + params->main_count = collected_count; + + } + + + + + + /// TODO : gestion des offets en sortie : ajout (+ ajout d'un test en Python) + + + + + + } diff --git a/src/analysis/scan/patterns/tokens/nodes/masked-int.h b/src/analysis/scan/patterns/tokens/nodes/masked-int.h index 9eb8712..5fcc330 100644 --- a/src/analysis/scan/patterns/tokens/nodes/masked-int.h +++ b/src/analysis/scan/patterns/tokens/nodes/masked-int.h @@ -41,8 +41,9 @@ struct _GScanTokenNodeMasked size_t len; /* Taille de cette série */ sized_binary_t *raw; /* Liste de motifs à couvrir */ - tracked_scan_atom_t *atoms; /* Atomes correspondants */ - size_t count; /* Taille de cette liste */ + size_t raw_count; /* Taille de cette liste */ + + tracked_scan_atom_t *enrolled_atoms; /* Atomes correspondants */ size_t enrolled_count; /* Quantité avec identifiant */ }; diff --git a/src/analysis/scan/patterns/tokens/nodes/masked.c b/src/analysis/scan/patterns/tokens/nodes/masked.c index 8765b1d..5194cb8 100644 --- a/src/analysis/scan/patterns/tokens/nodes/masked.c +++ b/src/analysis/scan/patterns/tokens/nodes/masked.c @@ -56,16 +56,19 @@ static void g_scan_token_node_masked_finalize(GScanTokenNodeMasked *); static void g_scan_token_node_masked_visit(GScanTokenNodeMasked *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +static bool g_scan_token_node_masked_build_id(GScanTokenNodeMasked *, GEngineBackend *); /* Détermine si un contenu d'intérêt est présent à une position. */ static bool check_scan_token_node_masked_content(const masked_byte_t *, size_t, phys_t, GBinContent *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -102,8 +105,10 @@ static void g_scan_token_node_masked_class_init(GScanTokenNodeMaskedClass *klass node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->apply = (apply_scan_token_node_flags_fc)NULL; node->visit = (visit_scan_token_node_fc)g_scan_token_node_masked_visit; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_masked_enroll; + node->build_id = (build_scan_token_node_id_fc)g_scan_token_node_masked_build_id; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_masked_check_forward; node->check_backward = (check_scan_token_node_fc)g_scan_token_node_masked_check_backward; @@ -124,14 +129,14 @@ static void g_scan_token_node_masked_class_init(GScanTokenNodeMaskedClass *klass static void g_scan_token_node_masked_init(GScanTokenNodeMasked *masked) { - g_scan_token_node_set_flags(G_SCAN_TOKEN_NODE(masked), STNF_PROD); - masked->bytes = NULL; masked->len = 0; masked->raw = NULL; - masked->atoms = NULL; - masked->count = 0; + masked->raw_count = 0; + + masked->enrolled_atoms = NULL; + masked->enrolled_count = 0; } @@ -174,14 +179,14 @@ static void g_scan_token_node_masked_finalize(GScanTokenNodeMasked *masked) if (masked->bytes != NULL) free(masked->bytes); - for (i = 0; i < masked->count; i++) + for (i = 0; i < masked->raw_count; i++) exit_szstr(&masked->raw[i]); if (masked->raw != NULL) free(masked->raw); - if (masked->atoms != NULL) - free(masked->atoms); + if (masked->enrolled_atoms != NULL) + free(masked->enrolled_atoms); G_OBJECT_CLASS(g_scan_token_node_masked_parent_class)->finalize(G_OBJECT(masked)); @@ -305,7 +310,6 @@ static void g_scan_token_node_masked_visit(GScanTokenNodeMasked *node, scan_tree /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -318,7 +322,7 @@ static void g_scan_token_node_masked_visit(GScanTokenNodeMasked *node, scan_tree * * ******************************************************************************/ -static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ bool forced; /* Inclusion dans un scan ? */ @@ -333,6 +337,8 @@ static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *node, GScanCon { *slow += (maxsize * 2); + node->raw = make_atoms_from_masked_bytes(node->bytes, node->len, &node->raw_count); + /** * Dans le cas bien précis de l'usage de l'algorithme Bitap pour les recherches * dans le contenu binaire à analyser, on tire parti du coût nul des recherches @@ -353,19 +359,23 @@ static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *node, GScanCon else { - node->raw = make_atoms_from_masked_byte(node->bytes[0].value, node->bytes[0].mask, &node->count); - - node->atoms = malloc(node->count * sizeof(tracked_scan_atom_t)); + node->enrolled_atoms = malloc(node->raw_count * sizeof(tracked_scan_atom_t)); + node->enrolled_count = node->raw_count; - for (i = 0; i < node->count && result; i++) + for (i = 0; i < node->enrolled_count && result; i++) { - find_best_atom(&node->raw[i], maxsize, &node->atoms[i], NULL); + find_best_atom(&node->raw[i], maxsize, &node->enrolled_atoms[i], NULL); - result = enroll_prepared_atom(&node->raw[i], context, backend, &node->atoms[i]); + /** + * Correction : si l'atome ne représente qu'une vue partielle, + * la validation rapide ne peut s'appliquer. + */ + if (node->enrolled_atoms[i].fast_check) + node->enrolled_atoms[i].fast_check = (node->enrolled_atoms[i].len == node->len); - } + result = enroll_prepared_atom(&node->raw[i], backend, &node->enrolled_atoms[i]); - node->enrolled_count = node->count; + } } @@ -378,6 +388,34 @@ static bool g_scan_token_node_masked_enroll(GScanTokenNodeMasked *node, GScanCon /****************************************************************************** * * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_node_masked_build_id(GScanTokenNodeMasked *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = true; + + for (i = 0; i < node->enrolled_count && result; i++) + result = build_atom_pattern_id(&node->enrolled_atoms[i], backend); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : bytes = octets partiels avec leur masque à interpréter. * * len = quantité d'octets à interpréter. * * start = point d'analyse à respecter. * @@ -419,13 +457,10 @@ static bool check_scan_token_node_masked_content(const masked_byte_t *bytes, siz /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -435,37 +470,39 @@ static bool check_scan_token_node_masked_content(const masked_byte_t *bytes, siz * * ******************************************************************************/ -static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { - bool initialized; /* Initialisation du suivi ? */ #ifndef NDEBUG bool forced; /* Inclusion dans un scan ? */ #endif - size_t ocount; /* Quantité de bornes présentes*/ - node_offset_range_t * const *ranges_ptr;/* Bornes d'espace à parcourir */ + match_area_t **areas; /* Liste de zones à constituer */ + size_t *count; /* Taille de cette liste */ + bool copy; /* Besoin d'une copie ? */ + bool inverted; /* Inversion des bilans ? */ size_t i; /* Boucle de parcours #1 */ const tracked_scan_atom_t *atom; /* Atome correspondant */ - size_t count; /* Quantité de bribes trouvées */ - const phys_t *found; /* Localisations des bribes */ - size_t k; /* Boucle de parcours #2 */ - phys_t new_begin; /* Nouveau départ à tester */ - size_t o; /* Boucle de parcours #3 */ - const node_offset_range_t *range; /* Bornes d'espace à parcourir */ + match_area_t *atoms; /* Localisations des bribes */ + bool first_round; /* Premier tour de traitement */ + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ + phys_t start; /* Début potentiel de motif */ bool status; /* Bilan d'une correspondance */ - size_t pcount; /* Nombre de correspondances */ - match_area_t * const *pending_ptr; /* Correspondances actuelles */ - size_t p; /* Boucle de parcours #4 */ - match_area_t *pending; /* Correspondance à traiter */ phys_t after; /* Espace disposible après */ - phys_t min; /* Borne minimale déterminée */ - phys_t max; /* Borne maximale déterminée */ - phys_t j; /* Boucle de parcours #5 */ + phys_t min_end; /* Fin la plus proche possible */ + phys_t max_end; /* Fin la plus éloignée trouvée*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t p; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; - initialized = are_pending_matches_initialized(matches); - /** * Si l'analyse arrive à un ou plusieurs octets masqués, soit il s'agit du * premier noeud, et la génération d'atomes a été forcée pour obtenir des @@ -475,133 +512,227 @@ static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *n */ #ifndef NDEBUG forced = (g_scan_token_node_get_flags(G_SCAN_TOKEN_NODE(node)) & STNF_MAIN); - assert((!initialized && forced) || (initialized && (!forced || not))); + assert((!params->initialized && forced) || (params->initialized && (!forced || cflags & TNCF_KEEP_DISCARDED))); #endif - ranges_ptr = get_node_search_offset_ranges(offset, &ocount); - - /* Si aucune correspondance n'a été établie */ - if (!initialized) + if (!params->initialized) { - for (i = 0; i < node->enrolled_count; i++) + /* Destinations établies une fois pour toutes */ + + if (cflags & TNCF_KEEP_DISCARDED) { - atom = &node->atoms[i]; + areas = ¶ms->kept_areas; + count = ¶ms->kept_count; - found = g_scan_context_get_atom_matches(context, atom->pid, &count); + copy = false; + inverted = true; - for (k = 0; k < count; k++) - { - assert(atom->pos == 0); + } + + else if (cflags & TNCF_CREATE_NEW) + { + areas = ¶ms->created_areas; + count = ¶ms->created_count; + + copy = true; + inverted = false; + + } + + else + { + assert(cflags & TNCF_UPDATE_IN_PLACE); + + areas = ¶ms->main_areas; + count = ¶ms->main_count; + + copy = false; + inverted = false; + + } - new_begin = found[k]; + /* Parcours des combinaisons enregistrées */ + for (i = 0; i < node->enrolled_count; i++) + { + atom = &node->enrolled_atoms[i]; + + atoms = g_scan_context_get_atom_matches(params->context, atom->pid); + + first_round = (*count == 0); + + if (atom->fast_check) + { /** - * Si des bornes sont spécifiées, la position de l'atome est testée. - * - * Dans la pratique, cette situation (non initialisée) ne peut provenir - * que d'un espace situé dans le vide, donc couvrant un large périmètre. - * La validation a ainsi de grandes chances de passer... - * - * Le motif pouvant amener à cette situation (pas d'initialisation, - * mais à décalage à considérer) est par exemple : - * - * ~( ?? ?1 ) - * + * Toutes les correspondances sont validées d'office car le motif identifié + * correspondant au motif complet. */ - if (ocount > 0) + + if (!inverted) { - if (!does_node_search_offset_include_pos_forward(offset, 0, new_begin)) - continue; + for_each_match_area(area, atoms) + { + /** + * La modification de la zone d'origine est possible dans tous les cas + * car cette zone a été allouée de façon dédiée à un type de correspondances + * et ne sera pas réutilisée comme autre source de correspondance ailleurs. + */ + + assert(area->end >= atom->len); + + area->start = area->end - atom->len; + + (*count)++; + + } + } - /** - * Existe-t-il assez de place pour faire tenir le motif masqué ? - */ - if ((new_begin + node->len) > matches->content_end) - continue; + else + atoms = NULL; - status = check_scan_token_node_masked_content(node->bytes, node->len, new_begin, content); + } - if ((status && !not) || (!status && not)) + else + { + for_each_match_area_safe(area, &atoms, next) { - /** - * Il ne peut y avoir qu'une seule séquence d'octets à un même - * emplacement, donc le couple (start, len) enregistré est - * unique. - */ - add_pending_match(matches, new_begin, node->len); + start = area->end - atom->len - atom->pos; + + status = check_scan_token_node_masked_content(node->bytes, node->len, + start, params->content); + + if (status) + { + /** + * La modification de la zone d'origine est possible dans tous les cas + * car cette zone a été allouée de façon dédiée à un type de correspondances + * et ne sera pas réutilisée comme autre source de correspondance ailleurs. + */ + + if (!inverted) + { + area->start = start; + area->end += atom->rem; + + (*count)++; + + } + else + del_match_area(area, &atoms); + + } + + else + { + /** + * Les principes de modifications restent valables, même inversés. + */ + if (inverted) + { + area->start = start; + area->end += atom->rem; + + (*count)++; + + } + else + del_match_area(area, &atoms); + + } } + + } + + /* Mise à jour de la liste */ + + if (atoms != NULL) + { + if (first_round) + *areas = atoms; + + else + merge_match_areas(areas, &atoms); + } } } - /* Si les correspondances en place sont à confirmer et compléter */ + /** + * Poursuite des traitements sur des correspondances déjà amorcées, impliquant + * des comparaisons entières de motifs. + */ else { - reset_pending_matches_ttl(matches); - - pending_ptr = get_all_pending_matches(matches, &pcount); + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); - for (p = 0; p < pcount; p++) + for_each_match_area_safe(area, ¶ms->main_areas, next) { - pending = (*pending_ptr) + p; + assert(area->end <= params->content_end); - assert(pending->end <= matches->content_end); + after = params->content_end - area->end; - after = matches->content_end - pending->end; + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); - new_begin = pending->end; + /** + * S'il s'avère qu'il existe de multiples correspondances dans l'espace + * analysé, c'est la prise en compte d'une éventuelle avarice quant aux + * distances consommées qui va sélectionner la position d'une bribe de + * correspondance retenue. + * + * Par exemple, deux correspondances '?1 ?1 [1-3] ?2 ?2' peuvent être + * valides pour un même contenu : + * + * aa.bbb -> correspondance 'aa.bb' + * ^ + * + * aa.bbb -> correspondance 'aa..bb' + * ^ + */ - if (ocount > 0) + min_end = params->content_end; + max_end = params->content_start; + + updated = false; + + /* Souplesse dans les positions ? */ + if (offsets_exist(¶ms->offset)) { - for (o = 0; o < ocount; o++) + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); + + for (r = 0; r < rcount; r++) { - range = (*ranges_ptr) + o; - - /** - * Si bornes de tolérance il y a, l'espace restant est validé en - * tenant compte de ces bornes. - */ - if (!get_node_offset_range(range, node->len, after, &min, &max)) - continue; - - /** - * Une recherche des différentes correspondances amont est lancée. - */ - for (j = min; j <= max; j++) + assert(ranges[r].has_max); + assert((ranges[r].max - ranges[r].min) <= MAX_RANGE_FOR_MANUAL_CHECK); + + for (p = ranges[r].min; p <= ranges[r].max; p++) { + /** + * Si la fin d'une correspondance potentielle est trop près de + * la fin du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if ((p + node->len) > after) + break; + status = check_scan_token_node_masked_content(node->bytes, node->len, - new_begin + j, content); + area->end + p, params->content); - if ((status && !not) || (!status && not)) + if (status) { - /** - * S'il s'avère qu'il existe de multiples correspondances dans l'espace - * analysé, c'est la fonction extend_pending_match_ending() qui - * duplique cette correspondance, en s'appuyant sur le TTL pour - * repérer ce cas de figure. - * - * Par exemple, deux correspondances '?1 ?1 [1-3] ?2 ?2' - * sont valides pour un même contenu : - * - * aa.bbb -> correspondance 'aa.bb' - * ^ - * - * aa.bbb -> correspondance 'aa..bb' - * ^ - */ - extend_pending_match_ending(matches, p, new_begin + j + node->len); - - /** - * Comme l'extension a pu conduire à un ajout et donc à une - * réallocation de la liste, on recharge l'élément pour les - * itérations suivantes. - */ - pending = (*pending_ptr) + p; + updated_edge = area->end + p + node->len; + + if (updated_edge < min_end) + min_end = updated_edge; + + if (updated_edge > max_end) + max_end = updated_edge; + + updated = true; } @@ -611,55 +742,133 @@ static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *n } + /* Position immédiatement attendue */ else { /** * Si la fin d'une correspondance potentielle est trop près de * la fin du contenu binaire et ne peut contenir le motif - * représenté, alors la corresponance est écartée. + * représenté, alors la corresponance est écartée sans appel. */ - if (node->len > after) - continue; + if (node->len <= after) + { + status = check_scan_token_node_masked_content(node->bytes, node->len, + area->end, params->content); - new_begin = pending->end; + if (status) + { + updated_edge = area->end + node->len; + + min_end = updated_edge; + max_end = updated_edge; - status = check_scan_token_node_masked_content(node->bytes, node->len, new_begin, content); + updated = true; - if ((status && !not) || (!status && not)) + } + + } + + } + + if (updated) + { + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ + + if ((cflags & TNCF_KEEP_DISCARDED) == 0) { - extend_pending_match_ending(matches, p, new_begin + node->len); + if (cflags & TNCF_UPDATE_IN_PLACE) + area->end = (1 /* greedy */ ? min_end : max_end); + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; - /** - * Comme il n'y a qu'une seule itération par correspondance, - * nul besoin de recharcher l'élément. - */ + new_area->end = (1 /* greedy */ ? min_end : max_end); + + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif } } - } + else + { + /** + * Si la liste principale doit être mise à jour... + */ + + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->end = (1 /* greedy */ ? min_end : max_end); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } - purge_pending_matches(matches); +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + } } - set_pending_matches_initialized(matches); + params->initialized = true; - disable_all_ranges_in_node_search_offset(offset); + disable_all_ranges_in_node_search_offset(¶ms->offset); } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offsets = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -669,26 +878,32 @@ static void g_scan_token_node_masked_check_forward(const GScanTokenNodeMasked *n * * ******************************************************************************/ -static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { #ifndef NDEBUG bool forced; /* Inclusion dans un scan ? */ #endif - size_t pcount; /* Nombre de correspondances */ - match_area_t * const *pending_ptr; /* Correspondances actuelles */ - size_t ocount; /* Quantité de bornes présentes*/ - node_offset_range_t * const *ranges_ptr;/* Bornes d'espace à parcourir */ - size_t p; /* Boucle de parcours #1 */ - const match_area_t *pending; /* Correspondance à traiter */ - phys_t before; /* Espace disposible avant */ - phys_t new_begin; /* Nouveau départ à tester */ - size_t o; /* Boucle de parcours #2 */ - const node_offset_range_t *range; /* Bornes d'espace à parcourir */ - phys_t min; /* Borne minimale déterminée */ - phys_t max; /* Borne maximale déterminée */ - phys_t j; /* Boucle de parcours #3 */ + + + bool status; /* Bilan d'une correspondance */ + + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ + phys_t before; /* Espace disposible avant */ + phys_t min_start; /* Début le plus proche trouvé */ + phys_t max_start; /* Début le plus distant trouvé*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t p; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); + if (*skip) return; @@ -696,7 +911,7 @@ static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked * * En lecture à rebourd, au moins un noeud a été solicité pour analyse (lors * du sens de lecteur normal). Donc l'initialisation a déjà dû avoir lieu. */ - assert(are_pending_matches_initialized(matches)); + assert(params->initialized); /** * Si les recherches associées au noeud ont été forcées, alors les traitements @@ -707,65 +922,121 @@ static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked * assert(!forced); #endif - reset_pending_matches_ttl(matches); - pending_ptr = get_all_pending_matches(matches, &pcount); - ranges_ptr = get_node_search_offset_ranges(offset, &ocount); - for (p = 0; p < pcount; p++) + /** + * ............. + */ + if (0) { - pending = (*pending_ptr) + p; - assert(matches->content_start <= pending->start); - before = pending->start - matches->content_start; + ; + + + + } - new_begin = pending->start - node->len; + /** + * Poursuite des traitements sur des correspondances déjà amorcées, impliquant + * des comparaisons entières de motifs. + */ + else + { + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); - if (ocount > 0) + for_each_match_area_safe(area, ¶ms->main_areas, next) { - for (o = 0; o < ocount; o++) + assert(params->content_start <= area->start); + + before = area->start - params->content_start; + + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); + + /** + * Il ne peut y avoir qu'une seule séquence d'octets à un même + * emplacement. En revanche, des modificateurs peuvent construire + * possédant une même base, mais offrant des suffixes différents + * (par exemple, un marqueur nul UTF-16 final en complément). + * + * L'ensemble des combinaisons produites doit ainsi être exploré. + */ + + min_start = params->content_start; + max_start = params->content_end; + + updated = false; + + /* Souplesse dans les positions ? */ + if (offsets_exist(¶ms->offset)) { - range = (*ranges_ptr) + o; + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); - /** - * Si bornes de tolérance il y a, l'espace restant est validé en - * tenant compte de ces bornes. - */ - if (!get_node_offset_range(range, node->len, before, &min, &max)) + for (r = 0; r < rcount; r++) { - if (not) - extend_pending_match_beginning(matches, p, pending->start - node->len); + assert(ranges[r].has_max); + assert((ranges[r].max - ranges[r].min) <= MAX_RANGE_FOR_MANUAL_CHECK); + + for (p = ranges[r].min; p <= ranges[r].max; p++) + { + /** + * Si la fin d'une correspondance potentielle est trop près de + * la fin du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if ((p + node->len) > before) + break; - continue; + status = check_scan_token_node_masked_content(node->bytes, node->len, + area->start - node->len - p, + params->content); + + if (status) + { + updated_edge = area->start - node->len - p; + + if (updated_edge > min_start) + min_start = updated_edge; + + if (updated_edge < max_start) + max_start = updated_edge; + + updated = true; + + } + + } } + } + + /* Position immédiatement attendue */ + else + { /** - * Une recherche des différentes correspondances amont est lancée. + * Si la fin d'une correspondance potentielle est trop près du + * début du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. */ - for (j = min; j <= max; j++) + if (node->len <= before) { status = check_scan_token_node_masked_content(node->bytes, node->len, - new_begin - j, content); + area->start - node->len, + params->content); - if ((status && !not) || (!status && not)) + if (status) { - /** - * S'il s'avère qu'il existe de multiples correspondances dans l'espace - * analysé, c'est la fonction extend_pending_match_beginning() qui - * duplique cette correspondance, en s'appuyant sur le TTL pour - * repérer ce cas de figure. - */ - extend_pending_match_beginning(matches, p, new_begin); + updated_edge = area->start - node->len; - /** - * Comme l'extension a pu conduire à un ajout et donc à une - * réallocation de la liste, on recharge l'élément pour les - * itérations suivantes. - */ - pending = (*pending_ptr) + p; + if (updated_edge > min_start) + min_start = updated_edge; + + if (updated_edge < max_start) + max_start = updated_edge; + + updated = true; } @@ -773,35 +1044,92 @@ static void g_scan_token_node_masked_check_backward(const GScanTokenNodeMasked * } - } - - else - { - /** - * Si le début d'une correspondance potentielle est trop près du début - * du contenu binaire et ne peut contenir le motif représenté, alors - * la corresponance est écartée. - */ - if (node->len > before) + if (updated) { - if (not) - extend_pending_match_beginning(matches, p, new_begin); + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ - continue; + if ((cflags & TNCF_KEEP_DISCARDED) == 0) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + area->start = (1 /* greedy */ ? min_start : max_start); + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } } - status = check_scan_token_node_masked_content(node->bytes, node->len, new_begin, content); + else + { + /** + * Si la liste principale doit être mise à jour... + */ - if ((status && !not) || (!status && not)) - extend_pending_match_beginning(matches, p, new_begin); + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } } } - purge_pending_matches(matches); - - disable_all_ranges_in_node_search_offset(offset); + disable_all_ranges_in_node_search_offset(¶ms->offset); } diff --git a/src/analysis/scan/patterns/tokens/nodes/masked.h b/src/analysis/scan/patterns/tokens/nodes/masked.h index d1765fa..04a05bc 100644 --- a/src/analysis/scan/patterns/tokens/nodes/masked.h +++ b/src/analysis/scan/patterns/tokens/nodes/masked.h @@ -49,15 +49,6 @@ typedef struct _GScanTokenNodeMasked GScanTokenNodeMasked; typedef struct _GScanTokenNodeMaskedClass GScanTokenNodeMaskedClass; -/* Mémorisation d'un octet visé avec son masque */ -typedef struct _masked_byte_t -{ - bin_t value; /* Valeur de l'octet visé */ - bin_t mask; /* Masque à appliquer */ - -} masked_byte_t; - - /* Indique le type défini pour un noeud représentant une bribe partielle à retrouver. */ GType g_scan_token_node_masked_get_type(void); diff --git a/src/analysis/scan/patterns/tokens/nodes/not.c b/src/analysis/scan/patterns/tokens/nodes/not.c index c54a66f..81fce28 100644 --- a/src/analysis/scan/patterns/tokens/nodes/not.c +++ b/src/analysis/scan/patterns/tokens/nodes/not.c @@ -24,6 +24,9 @@ #include "not.h" +#include <assert.h> + + #include "not-int.h" @@ -48,17 +51,23 @@ static void g_scan_token_node_not_finalize(GScanTokenNodeNot *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Prend acte d'une nouvelle propriété pour le noeud. */ +static void g_scan_token_node_not_apply_flags(GScanTokenNodeNot *, ScanTokenNodeFlags); + /* Parcourt une arborescence de noeuds et y relève des éléments. */ static void g_scan_token_node_not_visit(GScanTokenNodeNot *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +static bool g_scan_token_node_not_build_id(GScanTokenNodeNot *, GEngineBackend *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_not_check_backward(const GScanTokenNodeNot *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_not_check_backward(const GScanTokenNodeNot *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -95,8 +104,10 @@ static void g_scan_token_node_not_class_init(GScanTokenNodeNotClass *klass) node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->apply = (apply_scan_token_node_flags_fc)g_scan_token_node_not_apply_flags; node->visit = (visit_scan_token_node_fc)g_scan_token_node_not_visit; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_not_enroll; + node->build_id = (build_scan_token_node_id_fc)g_scan_token_node_not_build_id; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_not_check_forward; node->check_backward = (check_scan_token_node_fc)g_scan_token_node_not_check_backward; @@ -223,6 +234,26 @@ bool g_scan_token_node_not_create(GScanTokenNodeNot *not, GScanTokenNode *child) /****************************************************************************** * * +* Paramètres : node = noeud de motif à mettre à jour. * +* flags = propriétés particulières à associer au noeud. * +* * +* Description : Prend acte d'une nouvelle propriété pour le noeud. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_node_not_apply_flags(GScanTokenNodeNot *node, ScanTokenNodeFlags flags) +{ + g_scan_token_node_set_flags(node->child, flags); + +} + + +/****************************************************************************** +* * * Paramètres : node = point de départ du parcours à effectuer. * * points = points capitaux de l'arborescence. [OUT] * * * @@ -244,7 +275,6 @@ static void g_scan_token_node_not_visit(GScanTokenNodeNot *node, scan_tree_point /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -257,11 +287,11 @@ static void g_scan_token_node_not_visit(GScanTokenNodeNot *node, scan_tree_point * * ******************************************************************************/ -static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ - result = _g_scan_token_node_enroll(node->child, context, backend, maxsize, slow); + result = _g_scan_token_node_enroll(node->child, backend, maxsize, slow); return result; @@ -270,13 +300,34 @@ static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *node, GScanContext * /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_node_not_build_id(GScanTokenNodeNot *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + + result = g_scan_token_node_build_id(node->child, backend); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -286,8 +337,12 @@ static bool g_scan_token_node_not_enroll(GScanTokenNodeNot *node, GScanContext * * * ******************************************************************************/ -static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { + +#if 0 + + bool initialized; /* Initialisation du suivi ? */ phys_t i; /* Boucle de parcours */ @@ -306,7 +361,7 @@ static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, G initialized = are_pending_matches_initialized(matches); - printf("TOTO......(init done? %d)\n", initialized); + //printf("TOTO......(init done? %d)\n", initialized); @@ -322,7 +377,7 @@ static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, G _g_scan_token_node_check_forward(node->child, context, content, matches, offset, !not, skip); - +#endif } @@ -330,13 +385,10 @@ static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, G /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -346,7 +398,7 @@ static void g_scan_token_node_not_check_forward(const GScanTokenNodeNot *node, G * * ******************************************************************************/ -static void g_scan_token_node_not_check_backward(const GScanTokenNodeNot *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_not_check_backward(const GScanTokenNodeNot *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { diff --git a/src/analysis/scan/patterns/tokens/nodes/plain.c b/src/analysis/scan/patterns/tokens/nodes/plain.c index 5a7f976..5dd45df 100644 --- a/src/analysis/scan/patterns/tokens/nodes/plain.c +++ b/src/analysis/scan/patterns/tokens/nodes/plain.c @@ -52,20 +52,26 @@ static void g_scan_token_node_plain_finalize(GScanTokenNodePlain *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Communique l'intérêt d'un noeud au sein d'une analyse. */ +static float g_scan_token_node_plain_compute_weight_for_scan(const GScanTokenNodePlain *); + /* Parcourt une arborescence de noeuds et y relève des éléments. */ static void g_scan_token_node_plain_visit(GScanTokenNodePlain *, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +static bool g_scan_token_node_plain_build_id(GScanTokenNodePlain *, GEngineBackend *); /* Détermine si un contenu d'intérêt est présent à une position. */ static bool check_scan_token_node_plain_content(const sized_binary_t *, const tracked_scan_atom_t *, bool, phys_t, GBinContent *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_plain_check_forward(const GScanTokenNodePlain *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_plain_check_forward(const GScanTokenNodePlain *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_plain_check_backward(const GScanTokenNodePlain *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_plain_check_backward(const GScanTokenNodePlain *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -102,8 +108,11 @@ static void g_scan_token_node_plain_class_init(GScanTokenNodePlainClass *klass) node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->compute_weight = (compute_scan_token_node_weight_fc)g_scan_token_node_plain_compute_weight_for_scan; + node->apply = (apply_scan_token_node_flags_fc)NULL; node->visit = (visit_scan_token_node_fc)g_scan_token_node_plain_visit; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_plain_enroll; + node->build_id = (build_scan_token_node_id_fc)g_scan_token_node_plain_build_id; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_plain_check_forward; node->check_backward = (check_scan_token_node_fc)g_scan_token_node_plain_check_backward; @@ -124,8 +133,6 @@ static void g_scan_token_node_plain_class_init(GScanTokenNodePlainClass *klass) static void g_scan_token_node_plain_init(GScanTokenNodePlain *plain) { - g_scan_token_node_set_flags(G_SCAN_TOKEN_NODE(plain), STNF_PROD); - init_szstr(&plain->orig); plain->modifier = NULL; plain->flags = SPNF_NONE; @@ -277,6 +284,35 @@ ScanPlainNodeFlags g_scan_token_node_plain_get_flags(const GScanTokenNodePlain * } +/****************************************************************************** +* * +* Paramètres : node = définition de la bribe à consulter. * +* index = indice de la combinaison de modificateurs ciblée. * +* * +* Description : Retrouve l'origine d'une correspondance à partir d'un indice.* +* * +* Retour : Version humainement lisible de la combinaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *g_scan_token_node_plain_get_modifier_path(const GScanTokenNodePlain *node, size_t index) +{ + char *result; /* Combinaison à retourner */ + + if (node->modifier == NULL) + result = strdup("plain"); + + else + result = g_scan_token_modifier_get_path(node->modifier, (size_t []){ index }); + + return result; + + +} + + /* ---------------------------------------------------------------------------------- */ /* IMPLEMENTATION DES FONCTIONS DE CLASSE */ @@ -285,6 +321,29 @@ ScanPlainNodeFlags g_scan_token_node_plain_get_flags(const GScanTokenNodePlain * /****************************************************************************** * * +* Paramètres : node = noeud de motif à consulter. * +* * +* Description : Communique l'intérêt d'un noeud au sein d'une analyse. * +* * +* Retour : Poids de l'importance pour un départ de scan. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static float g_scan_token_node_plain_compute_weight_for_scan(const GScanTokenNodePlain *node) +{ + float result; /* Valeur à retourner */ + + result = node->orig.len; + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : node = point de départ du parcours à effectuer. * * points = points capitaux de l'arborescence. [OUT] * * * @@ -298,9 +357,25 @@ ScanPlainNodeFlags g_scan_token_node_plain_get_flags(const GScanTokenNodePlain * static void g_scan_token_node_plain_visit(GScanTokenNodePlain *node, scan_tree_points_t *points) { + GScanTokenNode *candidate; /* Autre version du noeud */ + float node_weight; /* Poids du noeud courant */ + float other_weight; /* Poids de l'autre noeud */ + if (points->first_plain == NULL) points->first_plain = G_SCAN_TOKEN_NODE(node); + else + { + candidate = G_SCAN_TOKEN_NODE(node); + + node_weight = g_scan_token_node_compute_weight_for_scan(candidate); + other_weight = g_scan_token_node_compute_weight_for_scan(points->first_plain); + + if (node_weight >= other_weight) + points->first_plain = candidate; + + } + } @@ -320,7 +395,7 @@ static void g_scan_token_node_plain_visit(GScanTokenNodePlain *node, scan_tree_p * * ******************************************************************************/ -static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ size_t i; /* Boucle de parcours #1 */ @@ -344,7 +419,7 @@ static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *node, GScanConte } else - result = g_scan_token_modifier_transform(node->modifier, &node->orig, &node->raw, &node->count); + result = g_scan_token_modifier_transform(node->modifier, &node->orig, 1, &node->raw, &node->count); if (!result) goto exit; @@ -413,7 +488,7 @@ static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *node, GScanConte /* Enregistrements en masse */ for (i = 0; i < node->count && result; i++) - result = enroll_prepared_atom(&node->raw[i], context, backend, &node->atoms[i]); + result = enroll_prepared_atom(&node->raw[i], backend, &node->atoms[i]); exit: @@ -424,6 +499,34 @@ static bool g_scan_token_node_plain_enroll(GScanTokenNodePlain *node, GScanConte /****************************************************************************** * * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_node_plain_build_id(GScanTokenNodePlain *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = true; + + for (i = 0; i < node->count && result; i++) + result = build_atom_pattern_id(&node->atoms[i], backend); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : raw = contneu brut à retrouver idéalement. * * atom = contenu brut représentatif ciblé. * * nocase = marque un éventuel désintérêt pour la casse. * @@ -449,39 +552,81 @@ static bool check_scan_token_node_plain_content(const sized_binary_t *raw, const init_vmpa(&pos, start, VMPA_NO_VIRTUAL); - /* Validation du contenu avant l'atome */ + /* Validation du motif intégral */ - if (atom->pos > 0) + if (atom == NULL) { - ptr = g_binary_content_get_raw_access(content, &pos, atom->pos); + ptr = g_binary_content_get_raw_access(content, &pos, raw->len); + + /** + * Si la partion atomique recherchée est trouvée en début de contenu, + * le reste du motif de recherche va déborder. L'accès correspondant + * est donc refusé, et cette situation est prise en compte ici. + */ + if (ptr == NULL) goto done; if (nocase) - ret = memcasecmp(raw->data, ptr, atom->pos); + ret = memcasecmp(raw->data, ptr, raw->len); else - ret = memcmp(raw->data, ptr, atom->pos); + ret = memcmp(raw->data, ptr, raw->len); - if (ret != 0) goto done; + result = (ret == 0); } - /* Validation du contenu après l'atome */ + /* Validation des extrémités */ - if (atom->rem > 0) + else { - advance_vmpa(&pos, atom->len); + /* Validation du contenu avant l'atome */ - ptr = g_binary_content_get_raw_access(content, &pos, atom->rem); + if (atom->pos > 0) + { + ptr = g_binary_content_get_raw_access(content, &pos, atom->pos); - if (nocase) - ret = memcasecmp(raw->data + atom->pos + atom->len, ptr, atom->rem); - else - ret = memcmp(raw->data + atom->pos + atom->len, ptr, atom->rem); + /** + * Si la partion atomique recherchée est trouvée en début de contenu, + * le reste du motif de recherche va déborder. L'accès correspondant + * est donc refusé, et cette situation est prise en compte ici. + */ + if (ptr == NULL) goto done; - if (ret != 0) goto done; + if (nocase) + ret = memcasecmp(raw->data, ptr, atom->pos); + else + ret = memcmp(raw->data, ptr, atom->pos); - } + if (ret != 0) goto done; - result = true; + } + + /* Validation du contenu après l'atome */ + + if (atom->rem > 0) + { + advance_vmpa(&pos, atom->len); + + ptr = g_binary_content_get_raw_access(content, &pos, atom->rem); + + /** + * Si la partion atomique recherchée est trouvée en fin de contenu, + * le reste du motif de recherche va déborder. L'accès correspondant + * est donc refusé, et cette situation est prise en compte ici. + */ + if (ptr == NULL) goto done; + + if (nocase) + ret = memcasecmp(raw->data + atom->pos + atom->len, ptr, atom->rem); + else + ret = memcmp(raw->data + atom->pos + atom->len, ptr, atom->rem); + + if (ret != 0) goto done; + + } + + result = true; + + } done: @@ -492,13 +637,10 @@ static bool check_scan_token_node_plain_content(const sized_binary_t *raw, const /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -508,227 +650,453 @@ static bool check_scan_token_node_plain_content(const sized_binary_t *raw, const * * ******************************************************************************/ -static void g_scan_token_node_plain_check_forward(const GScanTokenNodePlain *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_plain_check_forward(const GScanTokenNodePlain *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { - bool initialized; /* Initialisation du suivi ? */ + bool track_path; /* Conservation du chemin */ bool nocase; /* Pas d'intérêt pour la casse */ - size_t ocount; /* Quantité de bornes présentes*/ + match_area_t **areas; /* Liste de zones à constituer */ + size_t *count; /* Taille de cette liste */ + bool copy; /* Besoin d'une copie ? */ + bool inverted; /* Inversion des bilans ? */ size_t i; /* Boucle de parcours #1 */ - const sized_binary_t *raw; /* Données brutes d'origine */ const tracked_scan_atom_t *atom; /* Atome correspondant */ - size_t count; /* Quantité de bribes trouvées */ - const phys_t *found; /* Localisations des bribes */ - size_t k; /* Boucle de parcours #2 */ - phys_t new_begin; /* Nouveau départ à tester */ + match_area_t *atoms; /* Localisations des bribes */ + bool first_round; /* Premier tour de traitement */ + match_area_t *area; /* Correspondance à valider */ + const sized_binary_t *raw; /* Données brutes d'origine */ + match_area_t *next; /* Correspondance suivante */ + phys_t start; /* Début potentiel de motif */ bool status; /* Bilan d'une correspondance */ - size_t pcount; /* Nombre de correspondances */ - match_area_t * const *pending_ptr; /* Correspondances actuelles */ - size_t p; /* Boucle de parcours #3 */ - const match_area_t *pending; /* Correspondance à traiter */ + phys_t after; /* Espace disposible après */ + phys_t min_end; /* Fin la plus proche possible */ + phys_t max_end; /* Fin la plus éloignée trouvée*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t p; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); if (*skip) return; - initialized = are_pending_matches_initialized(matches); + track_path = (G_SCAN_TOKEN_NODE(node)->flags & STNF_MAIN); nocase = (node->flags & SPNF_CASE_INSENSITIVE); - get_node_search_offset_ranges(offset, &ocount); - - for (i = 0; i < node->count; i++) + /** + * Création de premières marques de correspondances. + */ + if (!params->initialized) { - raw = &node->raw[i]; - atom = &node->atoms[i]; + /* Destinations établies une fois pour toutes */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + areas = ¶ms->kept_areas; + count = ¶ms->kept_count; + + copy = false; + inverted = true; - found = g_scan_context_get_atom_matches(context, atom->pid, &count); + } - if (!initialized) + else if (cflags & TNCF_CREATE_NEW) { - for (k = 0; k < count; k++) - { - new_begin = found[k] - atom->pos; + areas = ¶ms->created_areas; + count = ¶ms->created_count; + + copy = true; + inverted = false; + + } + + else + { + assert(cflags & TNCF_UPDATE_IN_PLACE); + + areas = ¶ms->main_areas; + count = ¶ms->main_count; + + copy = false; + inverted = false; + + } + /* Parcours des combinaisons enregistrées */ + + for (i = 0; i < node->count; i++) + { + atom = &node->atoms[i]; + + atoms = g_scan_context_get_atom_matches(params->context, atom->pid); + + first_round = (*count == 0); + + if (atom->fast_check) + { /** - * Si personne n'a manipulé les pré-résultats, mais qu'un décallage - * est spécifié par un noeud précédent, une validation sur la base - * d'une position 0 est menée. + * Toutes les correspondances sont validées d'office car le motif identifié + * correspondant au motif complet. */ - if (ocount > 0) + + if (!inverted) { - if (!does_node_search_offset_include_pos_forward(offset, 0, new_begin)) + for_each_match_area(area, atoms) { - if (not) - add_pending_match(matches, new_begin, raw->len); + /** + * La modification de la zone d'origine est possible dans tous les cas + * car cette zone a été allouée de façon dédiée à un type de correspondances + * et ne sera pas réutilisée comme autre source de correspondance ailleurs. + */ - continue; + assert(area->end >= atom->len); + + area->start = area->end - atom->len; + + (*count)++; } + } - status = check_scan_token_node_plain_content(raw, atom, nocase, new_begin, content); + else + atoms = NULL; + + } + + else + { + raw = &node->raw[i]; + + for_each_match_area_safe(area, &atoms, next) + { + start = area->end - atom->len - atom->pos; + + status = check_scan_token_node_plain_content(raw, atom, nocase, start, params->content); + + if (status) + { + /** + * La modification de la zone d'origine est possible dans tous les cas + * car cette zone a été allouée de façon dédiée à un type de correspondances + * et ne sera pas réutilisée comme autre source de correspondance ailleurs. + */ + + if (!inverted) + { + area->start = start; + area->end += atom->rem; + + (*count)++; + + } + else + del_match_area(area, &atoms); + + } + + else + { + /** + * Les principes de modifications restent valables, même inversés. + */ + if (inverted) + { + area->start = start; + area->end += atom->rem; + + (*count)++; + + } + else + del_match_area(area, &atoms); + + } + + } - if ((status && !not) || (!status && not)) - /** - * Il ne peut y avoir qu'une seule séquence d'octets à un même - * emplacement, donc le couple (new_begin, len) enregistré est - * unique. - */ - add_pending_match(matches, new_begin, raw->len); + + } + + /* Mise à jour de la liste */ + + if (atoms != NULL) + { + if (first_round) + *areas = atoms; + + else + merge_match_areas(areas, &atoms); } } - else - { - reset_pending_matches_ttl(matches); + } - pending_ptr = get_all_pending_matches(matches, &pcount); + /** + * Poursuite des traitements sur des correspondances déjà amorcées, impliquant + * des comparaisons entières de motifs. + */ + else + { + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); - for (p = 0; p < pcount; p++) + for_each_match_area_safe(area, ¶ms->main_areas, next) + { + assert(area->end <= params->content_end); + + after = params->content_end - area->end; + + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); + + /** + * Il ne peut y avoir qu'une seule séquence d'octets à un même + * emplacement. En revanche, des modificateurs peuvent construire + * possédant une même base, mais offrant des suffixes différents + * (par exemple, un marqueur nul UTF-16 final en complément). + * + * L'ensemble des combinaisons produites doit ainsi être exploré. + */ + + /** + * Par ailleurs, même si une base de couples uniques est assurée, + * la constitution d'un ensemble de noeuds peut amener une redondance + * dans les emplacements de correspondances ; ces doublons éventuels + * sont alors filtrés par un appel à sort_match_areas_no_dup(). + * + * Par exemple, pour la séquence d'octets analysés suivante : + * + * aaa....bbb + * + * La définition { (61 61 | 61 61 61) [4-5] 62 62 62 } peut établir + * les correspondances suivantes : + * + * aa.....bbb -> couple pending[x] (0;2) puis (0;10) + * ^ + * aa....bbb -> couple pending[y] (1;3) puis (1;10) + * ^ + * aaa....bbb -> couple pending[z] (0;3) puis (0;10) + * ^ + * + * Par ailleurs, une même base de départ peut conduire à plusieurs + * zones de correspondances. + * + * Par exemple, pour la séquence d'octets analysés suivante : + * + * aa..bb..bb + * + * La définition { 61 61 [2-6] 62 62 } peut établir + * les correspondances suivantes : + * + * aa..bb..bb -> couple pending[x] (0;2) puis (0;6) + * ^ + * aa..bb..bb -> couple pending[x] (0;2) puis (0;10) + * ^ + */ + + /** + * Dans la première situation, c'est la bribe 62 62 62 qui fait l'objet + * d'une recherche de motifs. Les autres bribes sont recherchées + * manuellement ici, car l'espace de séparation est léger (inférieur à + * MAX_RANGE_FOR_MANUAL_CHECK). + * + * La seconde situation bénéficie de recherches automatisées pour + * l'ensemble des motifs, du fait d'une valeur de séparation plus + * importante. + * + * Dans les deux cas, l'espace de séparation est entièrement considéré. + * La sélection de la correspondance à retour s'établit selon un + * paramètre de configuation : doit-on être avare sur les distances + * consommées ou non ? + */ + + min_end = params->content_end; + max_end = params->content_start; + + updated = false; + + for (i = 0; i < node->count; i++) { - pending = (*pending_ptr) + p; + raw = &node->raw[i]; - assert(matches->content_start <= pending->start); - - for (k = 0; k < count; k++) + /* Souplesse dans les positions ? */ + if (offsets_exist(¶ms->offset)) { - new_begin = found[k] - atom->pos; + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); - /** - * Si bornes de tolérance il y a, on valide la position. - * - * Sinon les correspondances passées et actuelle doivent - * être jointes. - */ - if (ocount > 0) + for (r = 0; r < rcount; r++) { - if (!does_node_search_offset_include_pos_forward(offset, pending->end, new_begin)) + assert(ranges[r].has_max); + assert((ranges[r].max - ranges[r].min) <= MAX_RANGE_FOR_MANUAL_CHECK); + + for (p = ranges[r].min; p <= ranges[r].max; p++) { - if (not) + /** + * Si la fin d'une correspondance potentielle est trop près de + * la fin du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if ((p + raw->len) > after) + break; + + status = check_scan_token_node_plain_content(raw, NULL, nocase, + area->end + p, params->content); + + if (status) { - extend_pending_match_ending(matches, p, pending->end + raw->len); + updated_edge = area->end + p + raw->len; - /** - * Comme l'extension a pu conduire à un ajout et donc à une - * réallocation de la liste, on recharge l'élément pour les - * itérations suivantes. - */ - pending = (*pending_ptr) + p; + if (updated_edge < min_end) + min_end = updated_edge; - } + if (updated_edge > max_end) + max_end = updated_edge; - continue; + updated = true; + + } } + } - else + + } + + /* Position immédiatement attendue */ + else + { + /** + * Si la fin d'une correspondance potentielle est trop près de + * la fin du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if (raw->len > after) + continue; + + status = check_scan_token_node_plain_content(raw, NULL, nocase, area->end, params->content); + + if (status) { - if (pending->end != new_begin) - { - if (not) - { - extend_pending_match_ending(matches, p, pending->end + raw->len); + updated_edge = area->end + raw->len; - /** - * Comme l'extension a pu conduire à un ajout et donc à une - * réallocation de la liste, on recharge l'élément pour les - * itérations suivantes. - */ - pending = (*pending_ptr) + p; + if (updated_edge < min_end) + min_end = updated_edge; - } + if (updated_edge > max_end) + max_end = updated_edge; - continue; + updated = true; - } } - status = check_scan_token_node_plain_content(raw, atom, nocase, new_begin, content); + } + + } + + if (updated) + { + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ + + if ((cflags & TNCF_KEEP_DISCARDED) == 0) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + area->end = (1 /* greedy */ ? min_end : max_end); - if ((status && !not) || (!status && not)) + else if (cflags & TNCF_CREATE_NEW) { - /** - * Même si une base de couples uniques est assurée, - * la constitution d'un ensemble de noeuds peut amener une - * redondance dans les emplacements de correspondances. - * - * Par exemple, pour la séquence d'octets analysés suivante : - * - * aaa....bbb - * - * La définition { (61 61 | 61 61 61) [4-5] 62 62 62 } peut établir - * les correspondances suivantes : - * - * aa.....bbb -> couple pending[x] (0;2) puis (0;10) - * ^ - * aa....bbb -> couple pending[y] (1;3) puis (1;10) - * ^ - * aaa....bbb -> couple pending[z] (0;3) puis (0;10) - * ^ - * - * Par ailleurs, une même base de départ peut conduire - * à plusieurs zone de correspondances. - * - * Par exemple, pour la séquence d'octets analysés suivante : - * - * aa..bb..bb - * - * La définition { 61 61 [2-6] 62 62 } peut établir - * les correspondances suivantes : - * - * aa..bb..bb -> couple pending[x] (0;2) puis (0;6) - * ^ - * aa..bb..bb -> couple pending[x] (0;2) puis (0;10) - * ^ - */ + new_area = g_umem_slice_alloc(params->allocator); - /** - * La seconde situation est prise en compte par la fonction - * extend_pending_match_ending() qui s'appuie sur le TTL pour - * dupliquer la correspondance pending[x] initiale. Le nouvel - * élément est placé en fin de liste, ce qui ne boulverse pas - * le parcours de liste courant, la valeur de pcount n'étant - * pas actualisée. - */ + *new_area = *area; - extend_pending_match_ending(matches, p, new_begin + raw->len); + new_area->end = (1 /* greedy */ ? min_end : max_end); - /** - * Comme l'extension a pu conduire à un ajout et donc à une - * réallocation de la liste, on recharge l'élément pour les - * itérations suivantes. - */ - pending = (*pending_ptr) + p; + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; } +#ifndef NDEBUG + else + assert(false); +#endif + } } - purge_pending_matches(matches); + else + { + /** + * Si la liste principale doit être mise à jour... + */ + + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->end = (1 /* greedy */ ? min_end : max_end); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } } } - set_pending_matches_initialized(matches); + params->initialized = true; - disable_all_ranges_in_node_search_offset(offset); + disable_all_ranges_in_node_search_offset(¶ms->offset); } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -738,19 +1106,272 @@ static void g_scan_token_node_plain_check_forward(const GScanTokenNodePlain *nod * * ******************************************************************************/ -static void g_scan_token_node_plain_check_backward(const GScanTokenNodePlain *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_plain_check_backward(const GScanTokenNodePlain *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { + + + bool track_path; /* Conservation du chemin */ + bool nocase; /* Pas d'intérêt pour la casse */ + + + + + size_t i; /* Boucle de parcours #1 */ + + + const sized_binary_t *raw; /* Données brutes d'origine */ + + + bool status; /* Bilan d'une correspondance */ + + + + + + match_area_t *area; /* Correspondance à valider */ + match_area_t *next; /* Correspondance suivante */ + phys_t before; /* Espace disposible avant */ + phys_t min_start; /* Début le plus proche trouvé */ + phys_t max_start; /* Début le plus distant trouvé*/ + bool updated; /* Existence de correspondance */ + size_t rcount; /* Quantité de bornes présentes*/ + const node_offset_range_t *ranges; /* Bornes d'espace à parcourir */ + size_t r; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t p; /* Boucle de parcours #xxxxxxxxxxxx*/ + phys_t updated_edge; /* Nouvelle bordure de motif */ + match_area_t *new_area; /* Copie de correspondance */ + + if (0x0) printf("=================== CHECK :: %s (skip? %d)\n", __FUNCTION__, *skip); + if (*skip) return; + /** + * En lecture à rebourd, au moins un noeud a été solicité pour analyse (lors + * du sens de lecture normal). Donc l'initialisation a déjà dû avoir lieu. + */ + + assert(params->initialized); + + track_path = (G_SCAN_TOKEN_NODE(node)->flags & STNF_MAIN); + + nocase = (node->flags & SPNF_CASE_INSENSITIVE); - printf("TODO\n"); - assert(0); + /** + * ............. + */ + if (0) + { + + + ; + + + + } + + /** + * Poursuite des traitements sur des correspondances déjà amorcées, impliquant + * des comparaisons entières de motifs. + */ + else + { + if (0x0) printf(" LIST : %p (sz = %zu)\n", params->main_areas, params->main_count); + + for_each_match_area_safe(area, ¶ms->main_areas, next) + { + assert(params->content_start <= area->start); + + before = area->start - params->content_start; + + if (0x0) printf("---------- iter @ %u -> %u\n", (unsigned int)area->start, (unsigned int)area->end); + + /** + * Il ne peut y avoir qu'une seule séquence d'octets à un même + * emplacement. En revanche, des modificateurs peuvent construire + * possédant une même base, mais offrant des suffixes différents + * (par exemple, un marqueur nul UTF-16 final en complément). + * + * L'ensemble des combinaisons produites doit ainsi être exploré. + */ + + min_start = params->content_start; + max_start = params->content_end; + + updated = false; + + for (i = 0; i < node->count; i++) + { + raw = &node->raw[i]; + + /* Souplesse dans les positions ? */ + if (offsets_exist(¶ms->offset)) + { + ranges = get_node_search_offset_ranges_2(¶ms->offset, &rcount); + + for (r = 0; r < rcount; r++) + { + assert(ranges[r].has_max); + assert((ranges[r].max - ranges[r].min) <= MAX_RANGE_FOR_MANUAL_CHECK); + + for (p = ranges[r].min; p <= ranges[r].max; p++) + { + /** + * Si la fin d'une correspondance potentielle est trop près de + * la fin du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if ((p + raw->len) > before) + break; + + status = check_scan_token_node_plain_content(raw, NULL, nocase, + area->start - raw->len - p, + params->content); + + if (status) + { + updated_edge = area->start - raw->len - p; + + if (updated_edge > min_start) + min_start = updated_edge; + + if (updated_edge < max_start) + max_start = updated_edge; + + updated = true; + + } + + } + + } + + } + + /* Position immédiatement attendue */ + else + { + /** + * Si la fin d'une correspondance potentielle est trop près du + * début du contenu binaire et ne peut contenir le motif + * représenté, alors la corresponance est écartée sans appel. + */ + if (raw->len > before) + continue; + + status = check_scan_token_node_plain_content(raw, NULL, nocase, + area->start - raw->len, + params->content); + + if (status) + { + updated_edge = area->start - raw->len; + + if (updated_edge > min_start) + min_start = updated_edge; + + if (updated_edge < max_start) + max_start = updated_edge; + + updated = true; + + } + + } + + } + + if (updated) + { + /** + * Si seuls les rejets sont d'intérêt, les correspondances établies + * ne se voient pas mises à jours ni retirées. + */ + + if ((cflags & TNCF_KEEP_DISCARDED) == 0) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + area->start = (1 /* greedy */ ? min_start : max_start); + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->created_areas); + params->created_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + else + { + /** + * Si la liste principale doit être mise à jour... + */ + + if (cflags & TNCF_UPDATE_IN_PLACE) + { + del_match_area(area, ¶ms->main_areas); + assert(params->main_count > 0); + params->main_count--; + } + + /** + * Au cas où le rejet est d'intérêt, l'absence de correspondance + * est conservée dans une liste dédiée. + */ + + if (cflags & TNCF_KEEP_DISCARDED) + { + if (cflags & TNCF_UPDATE_IN_PLACE) + { + add_tail_match_area(area, ¶ms->kept_areas); + params->kept_count++; + } + + else if (cflags & TNCF_CREATE_NEW) + { + new_area = g_umem_slice_alloc(params->allocator); + + *new_area = *area; + + new_area->start = (1 /* greedy */ ? min_start : max_start); + + add_tail_match_area(new_area, ¶ms->kept_areas); + params->kept_count++; + + } + +#ifndef NDEBUG + else + assert(false); +#endif + + } + + } + + } + + } + disable_all_ranges_in_node_search_offset(¶ms->offset); } diff --git a/src/analysis/scan/patterns/tokens/nodes/plain.h b/src/analysis/scan/patterns/tokens/nodes/plain.h index c8f3920..abf71de 100644 --- a/src/analysis/scan/patterns/tokens/nodes/plain.h +++ b/src/analysis/scan/patterns/tokens/nodes/plain.h @@ -75,6 +75,9 @@ GScanTokenNode *g_scan_token_node_plain_new(const sized_binary_t *, GScanTokenMo /* Indique les propriétés particulières d'un noeud de texte. */ ScanPlainNodeFlags g_scan_token_node_plain_get_flags(const GScanTokenNodePlain *); +/* Retrouve l'origine d'une correspondance à partir d'un indice. */ +char *g_scan_token_node_plain_get_modifier_path(const GScanTokenNodePlain *, size_t); + #endif /* _ANALYSIS_SCAN_PATTERNS_TOKENS_NODES_PLAIN_H */ diff --git a/src/analysis/scan/patterns/tokens/nodes/sequence.c b/src/analysis/scan/patterns/tokens/nodes/sequence.c index ad332fc..394c877 100644 --- a/src/analysis/scan/patterns/tokens/nodes/sequence.c +++ b/src/analysis/scan/patterns/tokens/nodes/sequence.c @@ -24,6 +24,10 @@ #include "sequence.h" +#include <assert.h> + + +#include "any.h" #include "sequence-int.h" @@ -48,17 +52,23 @@ static void g_scan_token_node_sequence_finalize(GScanTokenNodeSequence *); /* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */ +/* Prend acte d'une nouvelle propriété pour le noeud. */ +static void g_scan_token_node_sequence_apply_flags(GScanTokenNodeSequence *, ScanTokenNodeFlags); + /* Parcourt une arborescence de noeuds et y relève des éléments. */ static void g_scan_token_node_sequence_visit(GScanTokenNodeSequence *node, scan_tree_points_t *); /* Inscrit la définition d'un motif dans un moteur de recherche. */ -static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *, GScanContext *, GEngineBackend *, size_t, size_t *); +static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *, GEngineBackend *, size_t, size_t *); + +/* Récupère un identifiant final pour un atome d'octets. */ +static bool g_scan_token_node_sequence_build_id(GScanTokenNodeSequence *, GEngineBackend *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_sequence_check_forward(const GScanTokenNodeSequence *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_sequence_check_forward(const GScanTokenNodeSequence *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); /* Transforme les correspondances locales en trouvailles. */ -static void g_scan_token_node_sequence_check_backward(const GScanTokenNodeSequence *, GScanContext *, GBinContent *, pending_matches_t *, node_search_offset_t *, bool, bool *); +static void g_scan_token_node_sequence_check_backward(const GScanTokenNodeSequence *, scan_node_check_params_t *, TokenNodeCheckFlags, bool *); @@ -75,7 +85,7 @@ G_DEFINE_TYPE(GScanTokenNodeSequence, g_scan_token_node_sequence, G_TYPE_SCAN_TO * * * Paramètres : klass = classe à initialiser. * * * -* Description : Initialise la classe des décompositions séquentielles. * +* Description : Initialise la classe des décompositions séquentielles. * * * * Retour : - * * * @@ -95,8 +105,10 @@ static void g_scan_token_node_sequence_class_init(GScanTokenNodeSequenceClass *k node = G_SCAN_TOKEN_NODE_CLASS(klass); + node->apply = (apply_scan_token_node_flags_fc)g_scan_token_node_sequence_apply_flags; node->visit = (visit_scan_token_node_fc)g_scan_token_node_sequence_visit; node->enroll = (enroll_scan_token_node_fc)g_scan_token_node_sequence_enroll; + node->build_id = (build_scan_token_node_id_fc)g_scan_token_node_sequence_build_id; node->check_forward = (check_scan_token_node_fc)g_scan_token_node_sequence_check_forward; node->check_backward = (check_scan_token_node_fc)g_scan_token_node_sequence_check_backward; @@ -224,7 +236,7 @@ bool g_scan_token_node_sequence_create(GScanTokenNodeSequence *sequence, GScanTo /****************************************************************************** * * * Paramètres : sequence = ensemble de noeuds à compléter. * -* child = nouveau noeud à intégrer. * +* child = nouveau noeud à intégrer. * * * * Description : Ajoute un noeud à aux décompositions séquentielles de motif. * * * @@ -236,10 +248,87 @@ bool g_scan_token_node_sequence_create(GScanTokenNodeSequence *sequence, GScanTo void g_scan_token_node_sequence_add(GScanTokenNodeSequence *sequence, GScanTokenNode *child) { - sequence->children = realloc(sequence->children, ++sequence->count * sizeof(GScanTokenNode *)); + bool processed; /* Intégration traitée ? */ + GScanTokenNode *last; /* Dernier noeud inscrit */ + + processed = false; + + if (sequence->count > 0) + { + last = sequence->children[sequence->count - 1]; + + if (G_IS_SCAN_TOKEN_NODE_ANY(last) && G_IS_SCAN_TOKEN_NODE_ANY(child)) + { + g_scan_token_node_any_merge(G_SCAN_TOKEN_NODE_ANY(last), G_SCAN_TOKEN_NODE_ANY(child)); + processed = true; + } + + } + + if (!processed) + { + sequence->children = realloc(sequence->children, ++sequence->count * sizeof(GScanTokenNode *)); + + sequence->children[sequence->count - 1] = child; + g_object_ref(G_OBJECT(child)); + + } + +} + + +/****************************************************************************** +* * +* Paramètres : sequence = ensemble de noeuds à consulter. * +* * +* Description : Indique le nombre de noeuds intégrés dans la séquence. * +* * +* Retour : Nombre de noeuds représentés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_scan_token_node_sequence_count(const GScanTokenNodeSequence *sequence) +{ + size_t result; /* Quantité à retourner */ + + result = sequence->count; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : sequence = ensemble de noeuds à consulter. * +* index = indice du noeud à retourner. * +* * +* Description : Fournit un noeud donné d'une décomposition séquentielle. * +* * +* Retour : Noeud inclus dans l'ensemble ou NULL si mauvais indice. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GScanTokenNode *g_scan_token_node_sequence_get(const GScanTokenNodeSequence *sequence, size_t index) +{ + GScanTokenNode *result; /* Instance à retourner */ + + assert(index < sequence->count); + + if (index < sequence->count) + { + result = sequence->children[index]; + g_object_ref(G_OBJECT(result)); + } + + else + result = NULL; - sequence->children[sequence->count - 1] = child; - g_object_ref(G_OBJECT(child)); + return result; } @@ -252,6 +341,40 @@ void g_scan_token_node_sequence_add(GScanTokenNodeSequence *sequence, GScanToken /****************************************************************************** * * +* Paramètres : node = noeud de motif à mettre à jour. * +* flags = propriétés particulières à associer au noeud. * +* * +* Description : Prend acte d'une nouvelle propriété pour le noeud. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_scan_token_node_sequence_apply_flags(GScanTokenNodeSequence *node, ScanTokenNodeFlags flags) +{ + size_t i; /* Boucle de parcours */ + + if (node->count == 1) + g_scan_token_node_set_flags(node->children[0], flags); + + else if (node->count > 1) + { + g_scan_token_node_set_flags(node->children[0], flags & ~STNF_LAST); + + for (i = 1; i < (node->count - 1); i++) + g_scan_token_node_set_flags(node->children[i], flags & ~(STNF_FIRST | STNF_LAST)); + + g_scan_token_node_set_flags(node->children[node->count - 1], flags & ~STNF_FIRST); + + } + +} + + +/****************************************************************************** +* * * Paramètres : node = point de départ du parcours à effectuer. * * points = points capitaux de l'arborescence. [OUT] * * * @@ -276,7 +399,6 @@ static void g_scan_token_node_sequence_visit(GScanTokenNodeSequence *node, scan_ /****************************************************************************** * * * Paramètres : node = définition de la bribe à enregistrer. * -* context = contexte de l'analyse à mener. * * backend = moteur de recherche à préchauffer. * * maxsize = taille max. des atomes (mise en commun optimisée). * * slow = niveau de ralentissement induit (0 = idéal). [OUT] * @@ -289,7 +411,7 @@ static void g_scan_token_node_sequence_visit(GScanTokenNodeSequence *node, scan_ * * ******************************************************************************/ -static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *node, GScanContext *context, GEngineBackend *backend, size_t maxsize, size_t *slow) +static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *node, GEngineBackend *backend, size_t maxsize, size_t *slow) { bool result; /* Statut à retourner */ size_t i; /* Boucle de parcours */ @@ -297,7 +419,35 @@ static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *node, GSca result = true; for (i = 0; i < node->count && result; i++) - result = _g_scan_token_node_enroll(node->children[i], context, backend, maxsize, slow); + result = _g_scan_token_node_enroll(node->children[i], backend, maxsize, slow); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : node = définition de la bribe à peaufiner. * +* backend = moteur de recherche à préchauffer. * +* * +* Description : Récupère un identifiant final pour un atome d'octets. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_scan_token_node_sequence_build_id(GScanTokenNodeSequence *node, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + size_t i; /* Boucle de parcours #1 */ + + result = true; + + for (i = 0; i < node->count && result; i++) + result = g_scan_token_node_build_id(node->children[i], backend); return result; @@ -306,13 +456,10 @@ static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *node, GSca /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -322,25 +469,22 @@ static bool g_scan_token_node_sequence_enroll(GScanTokenNodeSequence *node, GSca * * ******************************************************************************/ -static void g_scan_token_node_sequence_check_forward(const GScanTokenNodeSequence *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_sequence_check_forward(const GScanTokenNodeSequence *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { size_t i; /* Boucle de parcours */ for (i = 0; i < node->count; i++) - _g_scan_token_node_check_forward(node->children[i], context, content, matches, offset, not, skip); + _g_scan_token_node_check_forward(node->children[i], params, cflags, skip); } /****************************************************************************** * * -* Paramètres : node = définition de la bribe à manipuler. * -* context = contexte de l'analyse à mener. * -* content = accès au contenu brut pour vérifications (optim.) * -* matches = suivi des correspondances à consolider. * -* offset = tolérance dans les positions à appliquer. * -* not = indique si les résultats doivent être inversés. * -* skip = détermine si l'analyse est différée. [OUT] * +* Paramètres : node = définition de la bribe à manipuler. * +* params = accès direct aux éléments utiles aux validations. * +* cflags = altérations de traitement à respecter. * +* skip = détermine si l'analyse est différée. [OUT] * * * * Description : Transforme les correspondances locales en trouvailles. * * * @@ -350,11 +494,11 @@ static void g_scan_token_node_sequence_check_forward(const GScanTokenNodeSequenc * * ******************************************************************************/ -static void g_scan_token_node_sequence_check_backward(const GScanTokenNodeSequence *node, GScanContext *context, GBinContent *content, pending_matches_t *matches, node_search_offset_t *offset, bool not, bool *skip) +static void g_scan_token_node_sequence_check_backward(const GScanTokenNodeSequence *node, scan_node_check_params_t *params, TokenNodeCheckFlags cflags, bool *skip) { size_t i; /* Boucle de parcours */ for (i = node->count; i > 0 ; i--) - _g_scan_token_node_check_backward(node->children[i - 1], context, content, matches, offset, not, skip); + _g_scan_token_node_check_backward(node->children[i - 1], params, cflags, skip); } diff --git a/src/analysis/scan/patterns/tokens/nodes/sequence.h b/src/analysis/scan/patterns/tokens/nodes/sequence.h index fc181c6..12df9d1 100644 --- a/src/analysis/scan/patterns/tokens/nodes/sequence.h +++ b/src/analysis/scan/patterns/tokens/nodes/sequence.h @@ -56,6 +56,12 @@ GScanTokenNode *g_scan_token_node_sequence_new(GScanTokenNode *); /* Ajoute un noeud à aux décompositions séquentielles de motif. */ void g_scan_token_node_sequence_add(GScanTokenNodeSequence *, GScanTokenNode *); +/* Indique le nombre de noeuds intégrés dans la séquence. */ +size_t g_scan_token_node_sequence_count(const GScanTokenNodeSequence *); + +/* Fournit un noeud donné d'une décomposition séquentielle. */ +GScanTokenNode *g_scan_token_node_sequence_get(const GScanTokenNodeSequence *, size_t); + #endif /* _ANALYSIS_SCAN_PATTERNS_TOKENS_NODES_SEQUENCE_H */ diff --git a/src/analysis/scan/patterns/tokens/offset.c b/src/analysis/scan/patterns/tokens/offset.c index 010ec67..0a4fd91 100644 --- a/src/analysis/scan/patterns/tokens/offset.c +++ b/src/analysis/scan/patterns/tokens/offset.c @@ -229,6 +229,32 @@ node_offset_range_t * const *get_node_search_offset_ranges(const node_search_off /****************************************************************************** * * +* Paramètres : offset = suivi de tolérances bornées à consulter. * +* count = nombre de bornes enregistrées. [OUT] * +* * +* Description : Fournit la liste des tolérances bornées établies à présent. * +* * +* Retour : Liste d'intervales en lecture seule. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const node_offset_range_t * const get_node_search_offset_ranges_2(const node_search_offset_t *offset, size_t *count) +{ + node_offset_range_t *result; /* Série à renvoyer */ + + result = offset->gen_ptr; + + *count = offset->used; + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : offset = suivi de tolérances bornées à consulter. * * min = point de départ pour parcourir une zone. * * max = point d'arrivée pour parcourir une zone. * @@ -318,6 +344,66 @@ void add_range_to_node_search_offset(node_search_offset_t *offset, phys_t min, p /****************************************************************************** * * +* Paramètres : offset = suivi de tolérances bornées à consulter. * +* min = point de départ pour parcourir une zone. * +* max = point d'arrivée pour parcourir une zone. * +* has_max = validité de la valeur maximale transmise. * +* * +* Description : Etend les décalages tolérés avec un nouvel espace. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void extend_node_search_offset(node_search_offset_t *offset, phys_t min, phys_t max, bool has_max) +{ + size_t i; /* Boucle de parcours */ + + switch (offset->used) + { + /* Si le réceptacle unique peut être employé... */ + case 0: + + offset->range.min = min; + offset->range.max = max; + offset->range.has_max = has_max; + + offset->used = 1; + + offset->gen_ptr = &offset->range; + + break; + + /* Si un espace unique est enregistré */ + case 1: + + offset->range.min += min; + offset->range.max += max; + offset->range.has_max &= has_max; + + break; + + /* Sinon le groupe dynamique est sollicité */ + default: + + for (i = 0; i < offset->used; i++) + { + offset->ranges[i].min += min; + offset->ranges[i].max += max; + offset->ranges[i].has_max &= has_max; + } + + break; + + } + +} + + +/****************************************************************************** +* * * Paramètres : offset = suivi de tolérances bornées à consulter. * * last = dernière position validée. * * pos = nouvelle position potentielle. * diff --git a/src/analysis/scan/patterns/tokens/offset.h b/src/analysis/scan/patterns/tokens/offset.h index b458717..130aaea 100644 --- a/src/analysis/scan/patterns/tokens/offset.h +++ b/src/analysis/scan/patterns/tokens/offset.h @@ -36,7 +36,7 @@ typedef struct _node_offset_range_t { /** * Les deux champs ci-après font bien référence à des positions absolues, - * et non à des bornes d'espace, lors que les résultats de correspondances + * et non à des bornes d'espace, lorsque les résultats de correspondances * sont encore non initialisés. * * Ensuite ces bornes représentent bien un espace séparant les résultats @@ -44,6 +44,7 @@ typedef struct _node_offset_range_t */ phys_t min; /* Position minimale */ phys_t max; /* Position maximale */ + bool has_max; /* Quantité définie ? */ } node_offset_range_t; @@ -53,6 +54,7 @@ bool get_node_offset_range(const node_offset_range_t *, phys_t, phys_t, phys_t * +#define MAX_RANGE_FOR_MANUAL_CHECK 5 @@ -83,13 +85,21 @@ void merge_node_search_offset(node_search_offset_t *, const node_search_offset_t /* Met fin à une mémorisation d'intervales de tolérance. */ void exit_node_search_offset(node_search_offset_t *); +#define offsets_exist(off) \ + ((off)->used > 0) + + /* Fournit la liste des tolérances bornées établies à présent. */ /* TODO : supprimer un niveau d'indirection */ node_offset_range_t * const *get_node_search_offset_ranges(const node_search_offset_t *, size_t *); +const node_offset_range_t * const get_node_search_offset_ranges_2(const node_search_offset_t *, size_t *); /* Ajoute un nouvel espace borné aux décalages tolérés. */ void add_range_to_node_search_offset(node_search_offset_t *, phys_t, phys_t, const phys_t *); +/* Etend les décalages tolérés avec un nouvel espace. */ +void extend_node_search_offset(node_search_offset_t *, phys_t, phys_t, bool); + #define disable_all_ranges_in_node_search_offset(off) \ (off)->used = 0 diff --git a/src/analysis/scan/patterns/tokens/plain-int.h b/src/analysis/scan/patterns/tokens/plain-int.h index 5748160..b0ef106 100644 --- a/src/analysis/scan/patterns/tokens/plain-int.h +++ b/src/analysis/scan/patterns/tokens/plain-int.h @@ -36,14 +36,14 @@ /* Encadrement d'une recherche de texte brut (instance) */ struct _GScanPlainBytes { - GStringToken parent; /* A laisser en premier */ + GBytesToken parent; /* A laisser en premier */ }; /* Encadrement d'une recherche de texte brut (classe) */ struct _GScanPlainBytesClass { - GStringTokenClass parent; /* A laisser en premier */ + GBytesTokenClass parent; /* A laisser en premier */ }; diff --git a/src/analysis/scan/patterns/tokens/plain.c b/src/analysis/scan/patterns/tokens/plain.c index 2eb6bbc..3d6c39d 100644 --- a/src/analysis/scan/patterns/tokens/plain.c +++ b/src/analysis/scan/patterns/tokens/plain.c @@ -67,7 +67,7 @@ static void g_scan_plain_bytes_output_to_json(const GScanPlainBytes *, GScanCont /* Indique le type défini pour une suite d'octets à retrouver dans un binaire. */ -G_DEFINE_TYPE(GScanPlainBytes, g_scan_plain_bytes, G_TYPE_STRING_TOKEN); +G_DEFINE_TYPE(GScanPlainBytes, g_scan_plain_bytes, G_TYPE_BYTES_TOKEN); /****************************************************************************** @@ -207,7 +207,7 @@ bool g_scan_plain_bytes_create(GScanPlainBytes *bytes, GScanTokenNode *root) fullword = (flags & SPNF_FULLWORD); private = (flags & SPNF_PRIVATE); - result = g_string_token_create(G_STRING_TOKEN(bytes), root, fullword, private); + result = g_bytes_token_create(G_BYTES_TOKEN(bytes), root, fullword, private); return result; diff --git a/src/analysis/scan/rule-int.h b/src/analysis/scan/rule-int.h index 1ca2b7f..17d4dc2 100644 --- a/src/analysis/scan/rule-int.h +++ b/src/analysis/scan/rule-int.h @@ -42,6 +42,9 @@ struct _GScanRule char *name; /* Désignation de la règle */ fnv64_t name_hash; /* Empreinte de la désignation */ + char **tags; /* Etiquettes associées */ + char tags_count; /* Quantité de ces étiquettes */ + GSearchPattern **bytes_locals; /* Variables de données */ size_t bytes_allocated; /* Taille allouée du tableau */ size_t bytes_used; /* Nombre d'éléments présents */ diff --git a/src/analysis/scan/rule.c b/src/analysis/scan/rule.c index 68222dd..d3acbc2 100644 --- a/src/analysis/scan/rule.c +++ b/src/analysis/scan/rule.c @@ -102,6 +102,9 @@ static void g_scan_rule_init(GScanRule *rule) rule->name = NULL; rule->name_hash = 0; + rule->tags = NULL; + rule->tags_count = 0; + rule->bytes_locals = NULL; rule->bytes_allocated = 0; rule->bytes_used = 0; @@ -151,9 +154,20 @@ static void g_scan_rule_dispose(GScanRule *rule) static void g_scan_rule_finalize(GScanRule *rule) { + size_t i; /* Boucle de parcours */ + if (rule->name != NULL) free(rule->name); + for (i = 0; i < rule->tags_count; i++) + free(rule->tags[i]); + + if (rule->tags != NULL) + free(rule->tags); + + if (rule->bytes_locals != NULL) + free(rule->bytes_locals); + G_OBJECT_CLASS(g_scan_rule_parent_class)->finalize(G_OBJECT(rule)); } @@ -270,6 +284,54 @@ const char *g_scan_rule_get_name(const GScanRule *rule, fnv64_t *hash) /****************************************************************************** * * +* Paramètres : rule = règle de détection à compléter. * +* tag = étiquette à associer à la règle. * +* * +* Description : Lie une règle à une nouvelle étiquette. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_scan_rule_add_tag(GScanRule *rule, const char *tag) +{ + rule->tags = realloc(rule->tags, ++rule->tags_count * sizeof(char *)); + + rule->tags[rule->tags_count - 1] = strdup(tag); + +} + + +/****************************************************************************** +* * +* Paramètres : rule = règle de détection à consulter. * +* count = quantité d'éléments retournés. [OUT] * +* * +* Description : Indique les éventuelles étiquettes associées à une règle. * +* * +* Retour : Liste d'étiquettes associées à la règle consultée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const char * const *g_scan_rule_list_tags(const GScanRule *rule, size_t *count) +{ + const char * const *result; /* Liste à retourner */ + + result = rule->tags; + + *count = rule->tags_count; + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : rule = règle de détection à compléter. * * pattern = nouveau motif de détection. * * * @@ -283,7 +345,7 @@ const char *g_scan_rule_get_name(const GScanRule *rule, fnv64_t *hash) void g_scan_rule_add_local_variable(GScanRule *rule, GSearchPattern *pattern) { - if (G_IS_STRING_TOKEN(pattern)) + if (G_IS_BYTES_TOKEN(pattern)) { if (rule->bytes_used == rule->bytes_allocated) { @@ -308,13 +370,13 @@ void g_scan_rule_add_local_variable(GScanRule *rule, GSearchPattern *pattern) * * * Retour : Motif de détection retrouvé ou NULL en cas d'échec. * * * -* Remarques : - * +* Remarques : La propriétée de l'instance renvoyée est partagée ! * * * ******************************************************************************/ -GSearchPattern *g_scan_rule_get_local_variable(GScanRule *rule, const char *target) +const GSearchPattern *g_scan_rule_get_local_variable(GScanRule *rule, const char *target) { - GSearchPattern *result; /* Variable à retourner */ + const GSearchPattern *result; /* Variable à retourner */ size_t i; /* Boucle de parcours */ const char *name; /* Désignation d'un motif */ @@ -332,9 +394,6 @@ GSearchPattern *g_scan_rule_get_local_variable(GScanRule *rule, const char *targ } - if (result != NULL) - g_object_ref(G_OBJECT(result)); - return result; } @@ -350,13 +409,16 @@ GSearchPattern *g_scan_rule_get_local_variable(GScanRule *rule, const char *targ * * * Retour : Motifs de détection retrouvés ou NULL en cas d'échec. * * * -* Remarques : - * +* Remarques : La propriétée des instances renvoyées est partagée ! * * * ******************************************************************************/ -GSearchPattern **g_scan_rule_get_local_variables(GScanRule *rule, const char *target, size_t *count) +const GSearchPattern **g_scan_rule_get_local_variables(GScanRule *rule, const char *target, size_t *count) { - GSearchPattern **result; /* Variables à retourner */ + const GSearchPattern **result; /* Variables à retourner */ + size_t target_len; /* Nbre de caractères à évaluer*/ + size_t len_without_star; /* Taille sans masque */ + bool need_regex; /* Traitement complexe requis */ size_t i; /* Boucle de parcours */ char *regex; /* Définition complète */ regex_t preg; /* Expression compilée */ @@ -371,20 +433,68 @@ GSearchPattern **g_scan_rule_get_local_variables(GScanRule *rule, const char *ta if (target == NULL) { + need_all_of_them: + *count = rule->bytes_used; result = malloc(*count * sizeof(GSearchPattern *)); + memcpy(result, rule->bytes_locals, *count); + + } + + /* Second cas de figure : identification au cas par cas */ + + else + { + target_len = strlen(target); + + len_without_star = 0; + + need_regex = false; + + for (i = 0; i < target_len; i++) + if (target[i] == '*') + break; + else + len_without_star++; + + for (i++; i < target_len; i++) + if (target[i] != '*') + { + need_regex = true; + goto try_harder; + } + + if (len_without_star == 0) + goto need_all_of_them; + + result = malloc(rule->bytes_used * sizeof(GSearchPattern *)); + for (i = 0; i < rule->bytes_used; i++) { - result[i] = rule->bytes_locals[i]; - g_object_ref(G_OBJECT(result[i])); + name = g_search_pattern_get_name(rule->bytes_locals[i]); + + if (strncmp(name, target, len_without_star) == 0) + { + result[*count] = rule->bytes_locals[i]; + (*count)++; + } + + } + + if (*count == 0) + { + free(result); + result = NULL; } } - /* Second cas de figure : une expression régulière est vraisemblablement de mise */ + try_harder: - else + /* Dernier cas de figure : une expression régulière est vraisemblablement de mise */ + + if (need_regex) { regex = strdup(target); @@ -411,10 +521,7 @@ GSearchPattern **g_scan_rule_get_local_variables(GScanRule *rule, const char *ta if (ret != REG_NOMATCH) { result[*count] = rule->bytes_locals[i]; - g_object_ref(G_OBJECT(result[*count])); - (*count)++; - } } @@ -479,7 +586,6 @@ bool g_scan_rule_setup_backend(GScanRule *rule, GEngineBackend *backend, GScanCo bool result; /* Statut à retourner */ size_t maxsize; /* Taille maximale des atomes */ GSearchPattern *pattern; /* Motif à intégrer */ - GScanOptions *options; /* Options d'analyse */ size_t i; /* Boucle de parcours */ /* Suivi des conditions de correspondance */ @@ -494,22 +600,42 @@ bool g_scan_rule_setup_backend(GScanRule *rule, GEngineBackend *backend, GScanCo for (i = 0; i < rule->bytes_used && result; i++) { pattern = rule->bytes_locals[i]; - result = g_string_token_enroll(G_STRING_TOKEN(pattern), context, backend, maxsize); + result = g_bytes_token_enroll(G_BYTES_TOKEN(pattern), backend, maxsize); } - g_engine_backend_warm_up(backend); + exit: - /* Affichage éventuel de statistiques */ + return result; - options = g_scan_context_get_options(context); +} - if (g_scan_options_get_print_stats(options)) - g_engine_backend_output_stats(backend); +/****************************************************************************** +* * +* Paramètres : rule = règle de détection à considérer. * +* backend = moteur d'analyse pour données brutes. * +* * +* Description : Récupère les identifiants finaux pour les motifs recherchés. * +* * +* Retour : Bilan de l'opération à renvoyer. * +* * +* Remarques : - * +* * +******************************************************************************/ - g_object_unref(G_OBJECT(options)); +bool g_scan_rule_define_pattern_ids(GScanRule *rule, GEngineBackend *backend) +{ + bool result; /* Statut à retourner */ + size_t i; /* Boucle de parcours */ + GSearchPattern *pattern; /* Motif à intégrer */ - exit: + result = true; + + for (i = 0; i < rule->bytes_used && result; i++) + { + pattern = rule->bytes_locals[i]; + result = g_bytes_token_build_id(G_BYTES_TOKEN(pattern), backend); + } return result; @@ -532,50 +658,43 @@ bool g_scan_rule_setup_backend(GScanRule *rule, GEngineBackend *backend, GScanCo void g_scan_rule_check(GScanRule *rule, GEngineBackend *backend, GScanContext *context) { - GBinContent *content; /* Contenu à manipuler */ + scan_node_check_params_t params; /* Rassemblement de paramètres */ vmpa2t start; /* Point de début du contenu */ vmpa2t end; /* Point de fin du contenu */ - pending_matches_t matches; /* Suivi de correspondances */ - size_t i; /* Boucle de parcours #1 */ + size_t i; /* Boucle de parcours */ GSearchPattern *pattern; /* Motif à intégrer */ - size_t k; /* Boucle de parcours #2 */ - match_area_t *area; /* Zone à initialiser */ - GScanMatch *match; /* Correspondance à mémoriser */ + GScanMatches *matches; /* Correspondances établies */ - content = g_scan_context_get_content(context); + /* Définition d'un contexte */ + + params.context = context; + params.content = g_scan_context_get_content(context); + params.allocator = g_umem_slice_new(sizeof(match_area_t)); + + g_binary_content_compute_start_pos(params.content, &start); + g_binary_content_compute_end_pos(params.content, &end); - g_binary_content_compute_start_pos(content, &start); - g_binary_content_compute_end_pos(content, &end); + params.content_start = start.physical; + params.content_end = end.physical; - /* Consolidation des résultats */ + /* Vérifications */ for (i = 0; i < rule->bytes_used; i++) { - init_pending_matches(&matches, &start.physical, &end.physical); - pattern = rule->bytes_locals[i]; - g_string_token_check(G_STRING_TOKEN(pattern), context, content, &matches); - - for (k = 0; k < matches.used; k++) - { - area = &matches.areas[k]; + matches = g_scan_bytes_matches_new(); - match = g_scan_bytes_match_new(G_SEARCH_PATTERN(pattern), content, - area->start, area->end - area->start); + g_bytes_token_check(G_BYTES_TOKEN(pattern), G_SCAN_BYTES_MATCHES(matches), ¶ms); - g_scan_context_register_full_match(context, match); - g_object_unref(G_OBJECT(match)); - - } + g_scan_context_register_full_matches(context, pattern, matches); - exit_pending_matches(&matches); + g_object_unref(G_OBJECT(matches)); } - /* Sortie propre */ - - g_object_unref(G_OBJECT(content)); + g_object_unref(G_OBJECT(params.content)); + //g_object_unref(G_OBJECT(params.allocator)); } @@ -597,19 +716,74 @@ void g_scan_rule_check(GScanRule *rule, GEngineBackend *backend, GScanContext *c void g_scan_rule_output_to_text(const GScanRule *rule, GScanContext *context, bool full, int fd) { + GScanOptions *options; /* Options de l'utilisateur */ + bool selected; /* Affichage attendu ? */ size_t i; /* Boucle de parcours */ + GBinContent *content; /* Contenu binaire scanné */ + char *desc; /* Description de ce contenu */ - if (full) - for (i = 0; i < rule->bytes_used; i++) - g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd); + /** + * Si la règle n'a pas fait mouche, rien n'est imprimé. + */ + if (!g_scan_context_has_match_for_rule(context, rule->name)) + return; - if (g_scan_context_has_match_for_rule(context, rule->name)) + options = g_scan_context_get_options(context); + + selected = g_scan_options_has_tag_as_selected(options, NULL); + + /** + * Si la règle comporte des étiquettes et que l'utilisateur en a spécifié + * également. + */ + if (rule->tags_count > 0 && !selected) + { + for (i = 0; i < rule->tags_count && !selected; i++) + selected = g_scan_options_has_tag_as_selected(options, rule->tags[i]); + } + + if (selected) { - write(fd, "Rule '", 6); write(fd, rule->name, strlen(rule->name)); - write(fd, "' has matched!\n", 15); + + if (g_scan_options_get_print_tags(options)) + { + write(fd, " [", 2); + + for (i = 0; i < rule->tags_count; i++) + { + if (i > 0) + write(fd, ",", 1); + + write(fd, rule->tags[i], strlen(rule->tags[i])); + + } + + write(fd, "]", 1); + + } + + write(fd, " ", 1); + + content = g_scan_context_get_content(context); + + desc = g_binary_content_describe(content, true); + + write(fd, desc, strlen(desc)); + write(fd, "\n", 1); + + free(desc); + + g_object_unref(G_OBJECT(content)); + + if (full) + for (i = 0; i < rule->bytes_used; i++) + g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd); + } + g_object_unref(G_OBJECT(options)); + } @@ -706,8 +880,11 @@ char *g_scan_rule_convert_as_text(const GScanRule *rule, GScanContext *context) void g_scan_rule_output_to_json(const GScanRule *rule, GScanContext *context, const sized_string_t *padding, unsigned int level, int fd, bool tail) { - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours #1 */ bool sub_tail; /* Saut de la virgule finale ? */ + size_t k; /* Boucle de parcours #2 */ + GBinContent *content; /* Contenu binaire scanné */ + char *desc; /* Description de ce contenu */ /* Introduction */ @@ -727,6 +904,61 @@ void g_scan_rule_output_to_json(const GScanRule *rule, GScanContext *context, co write(fd, "\",\n", 3); + /* Etiquettes ? */ + + for (i = 0; i < (level + 1); i++) + write(fd, padding->data, padding->len); + + write(fd, "\"tags\": [", 9); + + if (rule->tags_count > 0) + { + write(fd, "\n", 1); + + for (k = 0; k < rule->tags_count; k++) + { + for (i = 0; i < (level + 2); i++) + write(fd, padding->data, padding->len); + + write(fd, "\"", 1); + + write(fd, rule->tags[k], strlen(rule->tags[k])); + + write(fd, "\"", 1); + + if ((k + 1) < rule->tags_count) + write(fd, ",", 1); + + write(fd, "\n", 1); + + } + + for (i = 0; i < (level + 1); i++) + write(fd, padding->data, padding->len); + + } + + write(fd, "],\n", 3); + + /* Cible du scan */ + + for (i = 0; i < (level + 1); i++) + write(fd, padding->data, padding->len); + + write(fd, "\"target\": \"", 11); + + content = g_scan_context_get_content(context); + + desc = g_binary_content_describe(content, true); + + write(fd, desc, strlen(desc)); + + free(desc); + + g_object_unref(G_OBJECT(content)); + + write(fd, "\",\n", 3); + /* Affichage des correspondances d'octets */ for (i = 0; i < (level + 1); i++) diff --git a/src/analysis/scan/rule.h b/src/analysis/scan/rule.h index 3e6fe9d..c2c58dc 100644 --- a/src/analysis/scan/rule.h +++ b/src/analysis/scan/rule.h @@ -75,14 +75,20 @@ ScanRuleFlags g_scan_rule_get_flags(const GScanRule *); /* Indique le nom associé à une règle de détection. */ const char *g_scan_rule_get_name(const GScanRule *, fnv64_t *); +/* Lie une règle à une nouvelle étiquette. */ +void g_scan_rule_add_tag(GScanRule *, const char *); + +/* Indique les éventuelles étiquettes associées à une règle. */ +const char * const *g_scan_rule_list_tags(const GScanRule *, size_t *); + /* Intègre une nouvelle variable locale à une règle. */ void g_scan_rule_add_local_variable(GScanRule *, GSearchPattern *); /* Fournit une variable locale à une règle selon un nom. */ -GSearchPattern *g_scan_rule_get_local_variable(GScanRule *, const char *); +const GSearchPattern *g_scan_rule_get_local_variable(GScanRule *, const char *); /* Fournit une liste de variables locales à partir d'un nom. */ -GSearchPattern **g_scan_rule_get_local_variables(GScanRule *, const char *, size_t *); +const GSearchPattern **g_scan_rule_get_local_variables(GScanRule *, const char *, size_t *); /* Définit l'expression d'une correspondance recherchée. */ void g_scan_rule_set_match_condition(GScanRule *, GScanExpression *); @@ -90,6 +96,9 @@ void g_scan_rule_set_match_condition(GScanRule *, GScanExpression *); /* Prépare le suivi de recherche de motifs pour une règle. */ bool g_scan_rule_setup_backend(GScanRule *, GEngineBackend *, GScanContext *); +/* Récupère les identifiants finaux pour les motifs recherchés. */ +bool g_scan_rule_define_pattern_ids(GScanRule *, GEngineBackend *); + /* Lance une analyse d'un contenu binaire selon une règle. */ void g_scan_rule_check(GScanRule *, GEngineBackend *, GScanContext *); diff --git a/src/analysis/scan/scanner-int.h b/src/analysis/scan/scanner-int.h index 4fcda87..02fd6b3 100644 --- a/src/analysis/scan/scanner-int.h +++ b/src/analysis/scan/scanner-int.h @@ -55,7 +55,7 @@ struct _GContentScannerClass /* Met en place un scanner de contenus binaires. */ -bool g_content_scanner_create_from_text(GContentScanner *, const char *); +bool g_content_scanner_create_from_text(GContentScanner *, const char *, size_t); /* Met en place un scanner de contenus binaires. */ bool g_content_scanner_create_from_file(GContentScanner *, const char *); diff --git a/src/analysis/scan/scanner.c b/src/analysis/scan/scanner.c index 7b553e6..02a93fa 100644 --- a/src/analysis/scan/scanner.c +++ b/src/analysis/scan/scanner.c @@ -163,7 +163,8 @@ static void g_content_scanner_finalize(GContentScanner *scanner) /****************************************************************************** * * -* Paramètres : text = définitions textuelles de règles de recherche. * +* Paramètres : text = définitions textuelles de règles de recherche. * +* length = taille de la définition. * * * * Description : Prépare une recherche de motifs dans du contenu binaire. * * * @@ -173,13 +174,13 @@ static void g_content_scanner_finalize(GContentScanner *scanner) * * ******************************************************************************/ -GContentScanner *g_content_scanner_new_from_text(const char *text) +GContentScanner *g_content_scanner_new_from_text(const char *text, size_t length) { GContentScanner *result; /* Structure à retourner */ result = g_object_new(G_TYPE_CONTENT_SCANNER, NULL); - if (!g_content_scanner_create_from_text(result, text)) + if (!g_content_scanner_create_from_text(result, text, length)) g_clear_object(&result); return result; @@ -191,6 +192,7 @@ GContentScanner *g_content_scanner_new_from_text(const char *text) * * * Paramètres : scanner = scanner de contenus à initialiser pleinement. * * text = définitions textuelles de règles de recherche. * +* length = taille de la définition. * * * * Description : Met en place un scanner de contenus binaires. * * * @@ -200,12 +202,9 @@ GContentScanner *g_content_scanner_new_from_text(const char *text) * * ******************************************************************************/ -bool g_content_scanner_create_from_text(GContentScanner *scanner, const char *text) +bool g_content_scanner_create_from_text(GContentScanner *scanner, const char *text, size_t length) { bool result; /* Bilan à retourner */ - size_t length; /* Taille de la définition */ - - length = strlen(text); result = process_rules_definitions(scanner, text, length); @@ -489,11 +488,12 @@ GScanContext *g_content_scanner_analyze(GContentScanner *scanner, GScanOptions * GScanContext *result; /* Bilan global à retourner */ bool status; /* Bilan d'opération locale */ size_t i; /* Boucle de parcours */ + size_t ids_count; /* Quantité de motifs prévus */ bool global; /* Bilan des règles globales */ GScanRule *rule; /* Règle à consulter */ const char *name; /* Désignation de la règle */ - /* Préparations... */ + /* Préparations... */ result = g_scan_context_new(options); @@ -507,17 +507,30 @@ GScanContext *g_content_scanner_analyze(GContentScanner *scanner, GScanOptions * for (i = 0; i < scanner->rule_count && status; i++) status = g_scan_rule_setup_backend(scanner->rules[i], scanner->data_backend, result); + if (status) + status = g_engine_backend_warm_up(scanner->data_backend); + + for (i = 0; i < scanner->rule_count && status; i++) + status = g_scan_rule_define_pattern_ids(scanner->rules[i], scanner->data_backend); + if (!status) { g_clear_object(&result); goto exit; } + /* Affichage éventuel de statistiques */ + + if (g_scan_options_get_print_stats(options)) + g_engine_backend_output_stats(scanner->data_backend); + } /* Phase d'analyse */ - g_scan_context_set_content(result, content); + ids_count = g_engine_backend_count_plain_pattern_ids(scanner->data_backend); + + g_scan_context_set_content(result, content, ids_count); g_engine_backend_run_scan(scanner->data_backend, result); @@ -530,7 +543,7 @@ GScanContext *g_content_scanner_analyze(GContentScanner *scanner, GScanOptions * global = true; - for (i = 0; i < scanner->rule_count; i++) + for (i = 0; i < scanner->rule_count && global; i++) { rule = scanner->rules[i]; diff --git a/src/analysis/scan/scanner.h b/src/analysis/scan/scanner.h index e03ecda..7926ba1 100644 --- a/src/analysis/scan/scanner.h +++ b/src/analysis/scan/scanner.h @@ -55,7 +55,7 @@ typedef struct _GContentScannerClass GContentScannerClass; GType g_content_scanner_get_type(void); /* Prépare une recherche de motifs dans du contenu binaire. */ -GContentScanner *g_content_scanner_new_from_text(const char *); +GContentScanner *g_content_scanner_new_from_text(const char *, size_t); /* Prépare une recherche de motifs dans du contenu binaire. */ GContentScanner *g_content_scanner_new_from_file(const char *); diff --git a/src/analysis/scan/space-int.h b/src/analysis/scan/space-int.h index 386785d..34c481c 100644 --- a/src/analysis/scan/space-int.h +++ b/src/analysis/scan/space-int.h @@ -35,11 +35,11 @@ /* Espace de noms pour un groupe de fonctions (instance) */ struct _GScanNamespace { - GRegisteredItem parent; /* A laisser en premier */ + GScanRegisteredItem parent; /* A laisser en premier */ char *name; /* Désignation de l'espace */ - GRegisteredItem **children; /* Sous-éléments inscrits */ + GScanRegisteredItem **children; /* Sous-éléments inscrits */ char **names; /* Désignations correspondantes*/ size_t count; /* Quantité de sous-éléments */ @@ -48,7 +48,7 @@ struct _GScanNamespace /* Espace de noms pour un groupe de fonctions (classe) */ struct _GScanNamespaceClass { - GRegisteredItemClass parent; /* A laisser en premier */ + GScanRegisteredItemClass parent; /* A laisser en premier */ }; diff --git a/src/analysis/scan/space.c b/src/analysis/scan/space.c index 1e158cf..38556a3 100644 --- a/src/analysis/scan/space.c +++ b/src/analysis/scan/space.c @@ -24,11 +24,12 @@ #include "space.h" -#include <assert.h> +#include <stdio.h> #include <string.h> #include "space-int.h" +#include "../../core/logs.h" @@ -56,7 +57,7 @@ static void g_scan_namespace_finalize(GScanNamespace *); static char *g_scan_namespace_get_name(const GScanNamespace *); /* Lance une résolution d'élément à solliciter. */ -static bool g_scan_namespace_resolve(GScanNamespace *, const char *, GScanContext *, GScanScope *, GRegisteredItem **); +static bool g_scan_namespace_resolve(GScanNamespace *, const char *, GScanContext *, GScanScope *, GScanRegisteredItem **); @@ -66,7 +67,7 @@ static bool g_scan_namespace_resolve(GScanNamespace *, const char *, GScanContex /* Indique le type défini pour une définition d'espace de noms. */ -G_DEFINE_TYPE(GScanNamespace, g_scan_namespace, G_TYPE_REGISTERED_ITEM); +G_DEFINE_TYPE(GScanNamespace, g_scan_namespace, G_TYPE_SCAN_REGISTERED_ITEM); /****************************************************************************** @@ -84,14 +85,14 @@ G_DEFINE_TYPE(GScanNamespace, g_scan_namespace, G_TYPE_REGISTERED_ITEM); static void g_scan_namespace_class_init(GScanNamespaceClass *klass) { GObjectClass *object; /* Autre version de la classe */ - GRegisteredItemClass *registered; /* Version de classe parente */ + GScanRegisteredItemClass *registered; /* Version de classe parente */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_namespace_dispose; object->finalize = (GObjectFinalizeFunc)g_scan_namespace_finalize; - registered = G_REGISTERED_ITEM_CLASS(klass); + registered = G_SCAN_REGISTERED_ITEM_CLASS(klass); registered->get_name = (get_registered_item_name_fc)g_scan_namespace_get_name; registered->resolve = (resolve_registered_item_fc)g_scan_namespace_resolve; @@ -237,7 +238,7 @@ bool g_scan_namespace_create(GScanNamespace *space, const char *name) * Paramètres : space = espace de noms à compléter. * * child = élément d'évaluation à intégrer. * * * -* Description : Intègre un nouvel élément dans l'esapce de noms. * +* Description : Intègre un nouvel élément dans l'espace de noms. * * * * Retour : Bilan de l'opération. * * * @@ -245,13 +246,13 @@ bool g_scan_namespace_create(GScanNamespace *space, const char *name) * * ******************************************************************************/ -bool g_scan_namespace_register_item(GScanNamespace *space, GRegisteredItem *child) +bool g_scan_namespace_register_item(GScanNamespace *space, GScanRegisteredItem *child) { bool result; /* Bilan à retourner */ char *name; /* Nom de l'élément à ajouter */ size_t i; /* Boucle de parcours */ - name = g_registered_item_get_name(child); + name = g_scan_registered_item_get_name(child); /* Validation de l'unicité du nom */ @@ -270,12 +271,107 @@ bool g_scan_namespace_register_item(GScanNamespace *space, GRegisteredItem *chil { space->count++; - space->children = realloc(space->children, space->count * sizeof(GRegisteredItem *)); + space->children = realloc(space->children, space->count * sizeof(GScanRegisteredItem *)); space->children[space->count - 1] = child; g_object_ref(G_OBJECT(child)); space->names = realloc(space->names, space->count * sizeof(char *)); - space->names[space->count - 1] = strdup(name); + space->names[space->count - 1] = name; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : space = espace de noms à compléter. * +* count = nombre d'éléments exportés. [OUT] * +* * +* Description : Réalise l'inventaire d'un espace de noms. * +* * +* Retour : Liste d'éléments enregistrés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char **g_scan_namespace_explore(const GScanNamespace *space, size_t *count) +{ + char **result; /* Liste à retourner */ + size_t i; /* Boucle de parcours #1 */ + GScanRegisteredItem *child; /* Elément à considérer */ + char **sub_result; /* Sous-éléments obtenus */ + size_t sub_count; /* Quantité de ces éléments */ + size_t k; /* Boucle de parcours #2 */ + int ret; /* Bilan d'une construction */ + + result = NULL; + *count = 0; + + for (i = 0; i < space->count; i++) + { + child = space->children[i]; + + if (G_IS_SCAN_NAMESPACE(child)) + { + sub_result = g_scan_namespace_explore(G_SCAN_NAMESPACE(child), &sub_count); + + result = realloc(result, (*count + sub_count) * sizeof(char *)); + + for (k = 0; k < sub_count; k++) + { + if (space->name == NULL) + result[(*count)++] = sub_result[k]; + + else + { + ret = asprintf(&result[*count], "%s.%s", space->name, sub_result[k]); + + if (ret == -1) + { + LOG_ERROR_N("asprintf"); + result[*count] = sub_result[k]; + } + + else + free(sub_result[k]); + + (*count)++; + + } + + } + + if (sub_result != NULL) + free(sub_result); + + } + + else + { + result = realloc(result, (*count + 1) * sizeof(char *)); + + if (space->name == NULL) + result[(*count)++] = strdup(space->names[i]); + + else + { + ret = asprintf(&result[*count], "%s.%s", space->name, space->names[i]); + + if (ret == -1) + { + LOG_ERROR_N("asprintf"); + result[*count] = strdup(space->names[i]); + } + + (*count)++; + + } + + } } @@ -333,18 +429,20 @@ static char *g_scan_namespace_get_name(const GScanNamespace *space) * * ******************************************************************************/ -static bool g_scan_namespace_resolve(GScanNamespace *item, const char *target, GScanContext *ctx, GScanScope *scope, GRegisteredItem **out) +static bool g_scan_namespace_resolve(GScanNamespace *item, const char *target, GScanContext *ctx, GScanScope *scope, GScanRegisteredItem **out) { bool result; /* Bilan à retourner */ size_t i; /* Boucle de parcours */ - result = true; + result = false; for (i = 0; i < item->count; i++) if (strcmp(target, item->names[i]) == 0) { *out = item->children[i]; g_object_ref(G_OBJECT(*out)); + + result = true; break; } diff --git a/src/analysis/scan/space.h b/src/analysis/scan/space.h index 7a99387..1b998d8 100644 --- a/src/analysis/scan/space.h +++ b/src/analysis/scan/space.h @@ -54,8 +54,11 @@ GType g_scan_namespace_get_type(void); /* Construit un nouvel espace de noms pour scan. */ GScanNamespace *g_scan_namespace_new(const char *); -/* Intègre un nouvel élément dans l'esapce de noms. */ -bool g_scan_namespace_register_item(GScanNamespace *, GRegisteredItem *); +/* Intègre un nouvel élément dans l'espace de noms. */ +bool g_scan_namespace_register_item(GScanNamespace *, GScanRegisteredItem *); + +/* Réalise l'inventaire d'un espace de noms. */ +char **g_scan_namespace_explore(const GScanNamespace *, size_t *); diff --git a/src/analysis/scan/tokens.l b/src/analysis/scan/tokens.l index 1a17344..e075cee 100644 --- a/src/analysis/scan/tokens.l +++ b/src/analysis/scan/tokens.l @@ -8,13 +8,35 @@ %{ -//#include "manual.h" #include <assert.h> #include <stdbool.h> #include <stdlib.h> +/* Tête de lecture pour conversions */ +typedef union _read_ptr_t +{ + const uint8_t *byte_pos; /* Lecture par blocs de 8 bits */ + const uint16_t *hword_pos; /* Lecture par blocs de 16 bits*/ + +} read_ptr_t; + + +#if __BYTE_ORDER == __LITTLE_ENDIAN + +# define MAKE_HWORD(ch1, ch2) ((uint16_t)(ch2 << 8 | ch1)) + +#elif __BYTE_ORDER == __BIG_ENDIAN + +# define MAKE_HWORD(ch1, ch2) ((uint16_t)(ch1 << 8 | ch2)) + +#else + + /* __PDP_ENDIAN et Cie... */ +# error "Congratulations! Your byte order is not supported!" + +#endif @@ -32,124 +54,143 @@ * * ******************************************************************************/ -static void rost_unescape_string_bytes(const char *src, size_t len, sized_string_t *out) +static void rost_unescape_string(const char *src, size_t len, sized_string_t *out) { - size_t i; /* Boucle de parcours */ + read_ptr_t reader; /* Tête de lecture */ + const bin_t *max; /* Fin du parcours */ + uint16_t half; /* Moitié de mot */ bin_t byte; /* Octet à analyser */ - bin_t next; /* Octet suivant */ + bin_t *writer; /* Tête d'écriture */ - out->len = 0; + reader.byte_pos = (const uint8_t *)src; + max = reader.byte_pos + len; - for (i = 0; i < len; i++) - { - byte = src[i]; + writer = out->bin_data; - switch (byte) + while (reader.byte_pos < max) + { + /** + * La lecture par groupes de deux octets n'est pas forcément toujours + * logique : pour "\nabc", la dernière lecture va considérer 'c"', + * incluant ainsi le caractère '"' qui a été écarté pour l'appel. + * + * Le code est cependant suffisamment souple pour ignore le superflu. + */ + switch (*reader.hword_pos) { - case '\\': - - next = src[i + 1]; - - switch (next) - { - case 'a': - out->data[out->len++] = '\a'; - break; - - case 'b': - out->data[out->len++] = '\b'; - break; - - case 't': - out->data[out->len++] = '\t'; - break; - - case 'n': - out->data[out->len++] = '\n'; - break; - - case 'v': - out->data[out->len++] = '\v'; - break; - - case 'f': - out->data[out->len++] = '\f'; - break; - - case 'r': - out->data[out->len++] = '\r'; - break; - - case 'e': - out->data[out->len++] = '\e'; - break; - - case '"': - out->data[out->len++] = '\"'; - break; + case MAKE_HWORD('\\', 'a'): + reader.hword_pos++; + *writer++ = '\a'; + break; - case '\\': - out->data[out->len++] = '\\'; - break; + case MAKE_HWORD('\\', 'b'): + reader.hword_pos++; + *writer++ = '\b'; + break; - case 'x': + case MAKE_HWORD('\\', 't'): + reader.hword_pos++; + *writer++ = '\t'; + break; - next = src[i + 2]; + case MAKE_HWORD('\\', 'n'): + reader.hword_pos++; + *writer++ = '\n'; + break; - switch (next) - { - case '0' ... '9': - out->data[out->len] = (next - '0'); - break; + case MAKE_HWORD('\\', 'v'): + reader.hword_pos++; + *writer++ = '\v'; + break; - case 'A' ... 'F': - out->data[out->len] = 0xa + (next - 'A'); - break; + case MAKE_HWORD('\\', 'f'): + reader.hword_pos++; + *writer++ = '\f'; + break; - case 'a' ... 'f': - out->data[out->len] = 0xa + (next - 'a'); - break; + case MAKE_HWORD('\\', 'r'): + reader.hword_pos++; + *writer++ = '\r'; + break; - } + case MAKE_HWORD('\\', 'e'): + reader.hword_pos++; + *writer++ = '\e'; + break; - out->data[out->len] <<= 4; + case MAKE_HWORD('\\', '"'): + reader.hword_pos++; + *writer++ = '\"'; + break; - next = src[i + 3]; + case MAKE_HWORD('\\', '\\'): + reader.hword_pos++; + *writer++ = '\\'; + break; - switch (next) - { - case '0' ... '9': - out->data[out->len] |= (next - '0'); - break; + case MAKE_HWORD('\\', 'x'): + reader.hword_pos++; + + /** + * Le jeu des expressions régulières qui amène à l'appel de + * cette fonction limite les caractères possibles à trois + * ensembles : chiffres et lettres en majuscules et minuscules. + * + * La bascule des lettres en minuscules ramène les possibles + * à deux ensembles uniquement, simplifiant ainsi les règles + * de filtrage : aucun switch case n'est ainsi requis ! + */ + + half = *reader.hword_pos++; + +#if __BYTE_ORDER == __LITTLE_ENDIAN + byte = (half & 0xff); +#elif __BYTE_ORDER == __BIG_ENDIAN + byte = (half >> 8); +#endif - case 'A' ... 'F': - out->data[out->len] |= 0xa + (next - 'A'); - break; + /* '0' ... '9' */ + if (byte <= '9') + *writer = (byte - '0'); - case 'a' ... 'f': - out->data[out->len] |= 0xa + (next - 'a'); - break; + /* 'A' ... 'F' || 'a' ... 'f' */ + else + { + byte |= 0x20; + *writer = 0xa + (byte - 'a'); + } - } + *writer <<= 4; - out->len++; +#if __BYTE_ORDER == __LITTLE_ENDIAN + byte = (half >> 8); +#elif __BYTE_ORDER == __BIG_ENDIAN + byte = (half & 0xff); +#endif - i += 2; - break; + /* '0' ... '9' */ + if (byte <= '9') + *writer++ |= (byte - '0'); + /* 'A' ... 'F' || 'a' ... 'f' */ + else + { + byte |= 0x20; + *writer++ |= 0xa + (byte - 'a'); } - i++; break; default: - out->data[out->len++] = byte; + *writer++ = *reader.byte_pos++; break; } } + out->len = writer - out->bin_data; + } @@ -167,147 +208,178 @@ static void rost_unescape_string_bytes(const char *src, size_t len, sized_string * * ******************************************************************************/ -static void rost_unescape_bytes(const char *src, size_t len, sized_string_t *out) +static void rost_unescape_regex(const char *src, size_t len, sized_string_t *out) { - size_t i; /* Boucle de parcours */ + read_ptr_t reader; /* Tête de lecture */ + const bin_t *max; /* Fin du parcours */ + uint16_t half; /* Moitié de mot */ bin_t byte; /* Octet à analyser */ - bin_t next; /* Octet suivant */ + bin_t *writer; /* Tête d'écriture */ - out->len = 0; + reader.byte_pos = (const uint8_t *)src; + max = reader.byte_pos + len; - for (i = 0; i < len; i++) - { - byte = src[i]; + writer = out->bin_data; - switch (byte) + while (reader.byte_pos < max) + { + /** + * La lecture par groupes de deux octets n'est pas forcément toujours + * logique : pour "\nabc", la dernière lecture va considérer 'c"', + * incluant ainsi le caractère '"' qui a été écarté pour l'appel. + * + * Le code est cependant suffisamment souple pour ignore le superflu. + */ + switch (*reader.hword_pos) { - case '\\': - - next = src[i + 1]; - - switch (next) - { - case 'a': - out->data[out->len++] = '\a'; - break; - - case 'b': - out->data[out->len++] = '\b'; - break; - - case 't': - out->data[out->len++] = '\t'; - break; - - case 'n': - out->data[out->len++] = '\n'; - break; - - case 'v': - out->data[out->len++] = '\v'; - break; - - case 'f': - out->data[out->len++] = '\f'; - break; - - case 'r': - out->data[out->len++] = '\r'; - break; - - case 'e': - out->data[out->len++] = '\e'; - break; - - case '"': - out->data[out->len++] = '\"'; - break; + case MAKE_HWORD('\\', 'a'): + reader.hword_pos++; + *writer++ = '\a'; + break; - case '\\': - out->data[out->len++] = '\\'; - break; + case MAKE_HWORD('\\', 'b'): + reader.hword_pos++; + *writer++ = '\b'; + break; - case 'x': + case MAKE_HWORD('\\', 't'): + reader.hword_pos++; + *writer++ = '\t'; + break; - next = src[i + 2]; + case MAKE_HWORD('\\', 'n'): + reader.hword_pos++; + *writer++ = '\n'; + break; - switch (next) - { - case '0' ... '9': - out->data[out->len] = (next - '0'); - break; + case MAKE_HWORD('\\', 'v'): + reader.hword_pos++; + *writer++ = '\v'; + break; - case 'A' ... 'F': - out->data[out->len] = 0xa + (next - 'A'); - break; + case MAKE_HWORD('\\', 'f'): + reader.hword_pos++; + *writer++ = '\f'; + break; - case 'a' ... 'f': - out->data[out->len] = 0xa + (next - 'a'); - break; + case MAKE_HWORD('\\', 'r'): + reader.hword_pos++; + *writer++ = '\r'; + break; - } + case MAKE_HWORD('\\', 'e'): + reader.hword_pos++; + *writer++ = '\e'; + break; - out->data[out->len] <<= 4; + case MAKE_HWORD('\\', '"'): + reader.hword_pos++; + *writer++ = '\"'; + break; - next = src[i + 3]; + case MAKE_HWORD('\\', '\\'): + reader.hword_pos++; + *writer++ = '\\'; + break; - switch (next) - { - case '0' ... '9': - out->data[out->len] |= (next - '0'); - break; + case MAKE_HWORD('\\', 'x'): + reader.hword_pos++; + + /** + * Le jeu des expressions régulières qui amène à l'appel de + * cette fonction limite les caractères possibles à trois + * ensembles : chiffres et lettres en majuscules et minuscules. + * + * La bascule des lettres en minuscules ramène les possibles + * à deux ensembles uniquement, simplifiant ainsi les règles + * de filtrage : aucun switch case n'est ainsi requis ! + */ + + half = *reader.hword_pos++; + +#if __BYTE_ORDER == __LITTLE_ENDIAN + byte = (half & 0xff); +#elif __BYTE_ORDER == __BIG_ENDIAN + byte = (half >> 8); +#endif - case 'A' ... 'F': - out->data[out->len] |= 0xa + (next - 'A'); - break; + /* '0' ... '9' */ + if (byte <= '9') + *writer = (byte - '0'); - case 'a' ... 'f': - out->data[out->len] |= 0xa + (next - 'a'); - break; + /* 'A' ... 'F' || 'a' ... 'f' */ + else + { + byte |= 0x20; + *writer = 0xa + (byte - 'a'); + } - } + *writer <<= 4; - out->len++; +#if __BYTE_ORDER == __LITTLE_ENDIAN + byte = (half >> 8); +#elif __BYTE_ORDER == __BIG_ENDIAN + byte = (half & 0xff); +#endif - i += 2; - break; + /* '0' ... '9' */ + if (byte <= '9') + *writer++ |= (byte - '0'); - case '{': - out->data[out->len++] = '{'; - break; + /* 'A' ... 'F' || 'a' ... 'f' */ + else + { + byte |= 0x20; + *writer++ |= 0xa + (byte - 'a'); + } - case '}': - out->data[out->len++] = '}'; - break; + break; - } + case MAKE_HWORD('\\', '{'): + reader.hword_pos++; + *writer++ = '{'; + break; - i++; + case MAKE_HWORD('\\', '}'): + reader.hword_pos++; + *writer++ = '}'; break; default: - out->data[out->len++] = byte; + *writer++ = *reader.byte_pos++; break; } } -} + out->len = writer - out->bin_data; +} #define PUSH_STATE(s) yy_push_state(s, yyscanner) #define POP_STATE yy_pop_state(yyscanner) +#define STOP_LEXER(msg, fbmsg) \ + do \ + { \ + char *__text; \ + int __ret; \ + __ret = asprintf(&__text, "%s: '%s'", msg, yytext); \ + if (__ret == -1) \ + YY_FATAL_ERROR(fbmsg); \ + else \ + { \ + YY_FATAL_ERROR(__text); \ + free(__text); \ + } \ + } \ + while (0) -#define EXTEND_BUFFER_IF_NEEDED(extra) \ - if ((*used + extra) > *allocated) \ - { \ - *allocated *= 2; \ - *buf = realloc(*buf, *allocated); \ - } +#define HANDLE_UNCOMPLETED_TOKEN \ + STOP_LEXER("Uncompleted token in rule definition", "Undisclosed uncompleted token in rule definition") %} @@ -342,7 +414,6 @@ static void rost_unescape_bytes(const char *src, size_t len, sized_string_t *out %x bytes_regex_range %x condition -%x strlit %x wait_for_colon @@ -388,7 +459,7 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <inc_path>\"{str_mixed}+\" { POP_STATE; - rost_unescape_string_bytes(yytext + 1, yyleng - 2, tmp_0); + rost_unescape_string(yytext + 1, yyleng - 2, tmp_0); #ifndef NDEBUG /* Pour rendre plus lisibles les impressions de débogage */ @@ -411,12 +482,14 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* return RAW_RULE; } - <rule_intro>[A-Za-z0-9_]+ { + <rule_intro>{bytes_id} { yylval->sized_cstring.data = yytext; yylval->sized_cstring.len = yyleng; - return RULE_NAME; + return RULE_IDENTIFIER; } + <rule_intro>":" { return COLON; } + <rule_intro>[ \t]* { } <rule_intro>"{" { @@ -494,7 +567,7 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* return UNSIGNED_INTEGER; } - <meta_value>\"{str_not_escaped}+\" { + <meta_value>\"{str_not_escaped}*\" { POP_STATE; yylval->sized_cstring.data = yytext + 1; @@ -503,10 +576,10 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* return PLAIN_TEXT; } - <meta_value>\"{str_mixed}+\" { + <meta_value>\"{str_mixed}*\" { POP_STATE; - rost_unescape_string_bytes(yytext + 1, yyleng - 2, tmp_0); + rost_unescape_string(yytext + 1, yyleng - 2, tmp_0); #ifndef NDEBUG /* Pour rendre plus lisibles les impressions de débogage */ @@ -535,38 +608,25 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <condition>[mM][bB] { return MB; } <condition>[gG][bB] { return GB; } -<condition>"\"" { - *used = 0; - PUSH_STATE(strlit); - } +<condition>\"{str_not_escaped}*\" { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 2; -<strlit>"\"" { - POP_STATE; - yylval->sized_cstring.data = *buf; - yylval->sized_cstring.len = *used; - return STRING; - } + return PLAIN_TEXT; + } -<strlit>"\\\"" { EXTEND_BUFFER_IF_NEEDED(1); (*buf)[(*used)++] = '"'; } -<strlit>"\\t" { EXTEND_BUFFER_IF_NEEDED(1); (*buf)[(*used)++] = '\t'; } -<strlit>"\\r" { EXTEND_BUFFER_IF_NEEDED(1); (*buf)[(*used)++] = '\r'; } -<strlit>"\\n" { EXTEND_BUFFER_IF_NEEDED(1); (*buf)[(*used)++] = '\n'; } -<strlit>"\\\\" { EXTEND_BUFFER_IF_NEEDED(1); (*buf)[(*used)++] = '\\'; } - -<strlit>\\x[0-9a-fA-F]{2} { - char __ch; - __ch = strtol(yytext + 2, NULL, 16); - EXTEND_BUFFER_IF_NEEDED(1); - (*buf)[(*used)++] = __ch; - } +<condition>\"{str_mixed}*\" { + rost_unescape_string(yytext + 1, yyleng - 2, tmp_0); -<strlit>[^\\\"]+ { - size_t __len; - __len = strlen(yytext); - EXTEND_BUFFER_IF_NEEDED(__len); - strcpy(&(*buf)[*used], yytext); - *used += __len; - } +#ifndef NDEBUG + /* Pour rendre plus lisibles les impressions de débogage */ + tmp_0->data[tmp_0->len] = '\0'; +#endif + + yylval->tmp_cstring = tmp_0; + + return ESCAPED_TEXT; + } %{ /* Définitions communes pour la section "bytes:" */ %} @@ -592,7 +652,7 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <bytes_value>\"{str_mixed}+\" { POP_STATE; - rost_unescape_string_bytes(yytext + 1, yyleng - 2, tmp_0); + rost_unescape_string(yytext + 1, yyleng - 2, tmp_0); #ifndef NDEBUG /* Pour rendre plus lisibles les impressions de débogage */ @@ -605,173 +665,203 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* } -%{ /* Définition de motif en hexadécimal */ %} - <bytes_value>"{" { - POP_STATE; - PUSH_STATE(bytes_hex); - } - - <bytes_hex>"}" { POP_STATE; } +<bytes>[A-Za-z_][A-Za-z0-9_]* { + yylval->sized_cstring.data = yytext; + yylval->sized_cstring.len = yyleng; + return NAME; + } - <bytes_hex>"[" { - PUSH_STATE(bytes_hex_range); - return HOOK_O; - } - <bytes_hex_range>"-" { return MINUS; } + <bytes>"((" { return MOD_GROUP_O; } - <bytes_hex_range>"]" { - POP_STATE; - return HOOK_C; - } + <bytes>"))" { return MOD_GROUP_C; } - <bytes_hex>"(" { return PAREN_O; } + <bytes>"(" { return PAREN_O; } - <bytes_hex>")" { return PAREN_C; } + <bytes>")" { return PAREN_C; } - <bytes_hex>"|" { return PIPE; } + <bytes>"," { return COMMA; } - <bytes_hex>"~" { return TILDE; } - <bytes_hex>{hbyte}([ ]*{hbyte})* { - bool even; - size_t i; - bin_t byte; - bin_t value; +<bytes>\"{str_not_escaped}+\" { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 2; - tmp_0->len = 0; + return PLAIN_TEXT; + } - even = true; - for (i = 0; i < yyleng; i++) - { - byte = yytext[i]; - switch (byte) - { - case ' ': - continue; - break; - case '0' ... '9': - value = (byte - '0'); - break; - case 'A' ... 'F': - value = 0xa + (byte - 'A'); - break; +%{ /* Définition de motif en hexadécimal */ %} - case 'a' ... 'f': - value = 0xa + (byte - 'a'); - break; + <bytes_value>"{" { + POP_STATE; + PUSH_STATE(bytes_hex); + } - } + <bytes_hex>"}" { POP_STATE; } - if (even) - tmp_0->data[tmp_0->len] = (value << 4); - else - tmp_0->data[tmp_0->len++] |= value; + <bytes_hex>"[" { + PUSH_STATE(bytes_hex_range); + return HOOK_O; + } - even = !even; + <bytes_hex_range>"-" { return MINUS; } + <bytes_hex_range>"]" { + POP_STATE; + return HOOK_C; } - assert(even); + <bytes_hex>"(" { return PAREN_O; } -#ifndef NDEBUG - /* Pour rendre plus lisibles les impressions de débogage */ - tmp_0->data[tmp_0->len] = '\0'; -#endif + <bytes_hex>")" { return PAREN_C; } - yylval->tmp_cstring = tmp_0; - return HEX_BYTES; + <bytes_hex>"|" { return PIPE; } - } + <bytes_hex>"~" { return TILDE; } - <bytes_hex>[\?]{2}([ ]*[\?]{2})* { - unsigned long long counter; - size_t i; + <bytes_hex>{hbyte}([ ]*{hbyte})*[ ]* { + bool even; + size_t i; + bin_t byte; + bin_t value; - counter = 0; + tmp_0->len = 0; - for (i = 0; i < yyleng; i++) - if (yytext[i] == '?') - counter++; + even = true; - assert(counter % 2 == 0); + for (i = 0; i < yyleng; i++) + { + byte = yytext[i]; - yylval->unsigned_integer = counter / 2; - return FULL_MASK; + switch (byte) + { + case ' ': + continue; + break; - } + case '0' ... '9': + value = (byte - '0'); + break; - <bytes_hex>{mbyte}([ ]*{mbyte})* { - bool even; - size_t i; - bin_t byte; - bin_t value; + case 'A' ... 'F': + value = 0xa + (byte - 'A'); + break; - tmp_0->len = 0; - tmp_1->len = 0; + case 'a' ... 'f': + value = 0xa + (byte - 'a'); + break; - even = true; + } - for (i = 0; i < yyleng; i++) - { - byte = yytext[i]; + if (even) + tmp_0->data[tmp_0->len] = (value << 4); + else + tmp_0->data[tmp_0->len++] |= value; - switch (byte) - { - case ' ': - continue; - break; + even = !even; - case '?': - even = !even; - continue; - break; + } - case '0' ... '9': - value = (byte - '0'); - break; + assert(even); - case 'A' ... 'F': - value = 0xa + (byte - 'A'); - break; +#ifndef NDEBUG + /* Pour rendre plus lisibles les impressions de débogage */ + tmp_0->data[tmp_0->len] = '\0'; +#endif - case 'a' ... 'f': - value = 0xa + (byte - 'a'); - break; + yylval->tmp_cstring = tmp_0; + return HEX_BYTES; - } + } - if (even) - { - tmp_0->data[tmp_0->len++] = (value << 4); - tmp_1->data[tmp_1->len++] = 0xf0; - } - else - { - tmp_0->data[tmp_0->len++] = value; - tmp_1->data[tmp_1->len++] = 0x0f; - } + <bytes_hex>[\?]{2}([ ]*[\?]{2})*[ ]* { + unsigned long long counter; + size_t i; + + counter = 0; + + for (i = 0; i < yyleng; i++) + if (yytext[i] == '?') + counter++; + + assert(counter % 2 == 0); - even = !even; + yylval->unsigned_integer = counter / 2; + return FULL_MASK; } + <bytes_hex>{mbyte}([ ]*{mbyte})*[ ]* { + bool even; + size_t i; + bin_t byte; + bin_t value; + + tmp_0->len = 0; + tmp_1->len = 0; + + even = true; + + for (i = 0; i < yyleng; i++) + { + byte = yytext[i]; + + switch (byte) + { + case ' ': + continue; + break; + + case '?': + even = !even; + continue; + break; + + case '0' ... '9': + value = (byte - '0'); + break; + + case 'A' ... 'F': + value = 0xa + (byte - 'A'); + break; + + case 'a' ... 'f': + value = 0xa + (byte - 'a'); + break; + + } + + if (even) + { + tmp_0->data[tmp_0->len++] = (value << 4); + tmp_1->data[tmp_1->len++] = 0xf0; + } + else + { + tmp_0->data[tmp_0->len++] = value; + tmp_1->data[tmp_1->len++] = 0x0f; + } + + even = !even; + + } + #ifndef NDEBUG - /* Pour rendre plus lisibles les impressions de débogage */ - tmp_0->data[tmp_0->len] = '\0'; - tmp_1->data[tmp_1->len] = '\0'; + /* Pour rendre plus lisibles les impressions de débogage */ + tmp_0->data[tmp_0->len] = '\0'; + tmp_1->data[tmp_1->len] = '\0'; #endif - yylval->masked.tmp_values = tmp_0; - yylval->masked.tmp_masks = tmp_1; - return SEMI_MASK; + yylval->masked.tmp_values = tmp_0; + yylval->masked.tmp_masks = tmp_1; + return SEMI_MASK; - } + } %{ /* Définition d'expressions régulières */ %} @@ -787,7 +877,7 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <bytes_regex>"." { return DOT; } <bytes_regex>({regular_chars})+ { - rost_unescape_bytes(yytext, yyleng, tmp_0); + rost_unescape_regex(yytext, yyleng, tmp_0); printf(" regular: '%s'\n", yytext); @@ -844,14 +934,14 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <bytes_regex>"{" { PUSH_STATE(bytes_regex_quantifier); - return BRACKET_O; + return BRACE_IN; } <bytes_regex_quantifier>"," { return COMMA; } <bytes_regex_quantifier>"}" { POP_STATE; - return BRACKET_C; + return BRACE_OUT; } @@ -883,9 +973,9 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* <condition>"/" { return DIV; } <condition>"%" { return MOD; } -<bytes,condition>"(" { return PAREN_O; } -<bytes,condition>")" { return PAREN_C; } -<bytes,condition>"," { return COMMA; } +<condition>"(" { return PAREN_O; } +<condition>")" { return PAREN_C; } +<condition>"," { return COMMA; } <condition>"[" { return HOOK_O; } @@ -921,30 +1011,54 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* return BYTES_ID_COUNTER; } + <condition>#{bytes_fuzzy_id} { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 1; + return BYTES_FUZZY_ID_COUNTER; + } + <condition>@{bytes_id} { yylval->sized_cstring.data = yytext + 1; yylval->sized_cstring.len = yyleng - 1; return BYTES_ID_START; } + <condition>@{bytes_fuzzy_id} { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 1; + return BYTES_FUZZY_ID_START; + } + <condition>!{bytes_id} { yylval->sized_cstring.data = yytext + 1; yylval->sized_cstring.len = yyleng - 1; return BYTES_ID_LENGTH; } + <condition>!{bytes_fuzzy_id} { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 1; + return BYTES_FUZZY_ID_LENGTH; + } + <condition>~{bytes_id} { yylval->sized_cstring.data = yytext + 1; yylval->sized_cstring.len = yyleng - 1; return BYTES_ID_END; } + <condition>~{bytes_fuzzy_id} { + yylval->sized_cstring.data = yytext + 1; + yylval->sized_cstring.len = yyleng - 1; + return BYTES_FUZZY_ID_END; + } + -<bytes,condition>[A-Za-z_][A-Za-z0-9_]* { +<condition>[A-Za-z_][A-Za-z0-9_]* { yylval->sized_cstring.data = yytext; yylval->sized_cstring.len = yyleng; return NAME; @@ -953,41 +1067,150 @@ bytes_fuzzy_id [\*A-Za-z_][\*A-Za-z0-9_]* -<bytes_value>"\"" { - POP_STATE; - // *built_pattern = g_bytes_pattern_new(); - PUSH_STATE(bytes_value_raw); - } -<bytes_value_raw>"\"" { POP_STATE; /*yylval->pattern = *built_pattern*/; return 11111/*MASKED_STRING*/; } -<bytes_value_raw>"\\\"" { }//g_bytes_pattern_append_data(*built_pattern, '"', 0xff); } -<bytes_value_raw>"\\t" { }//g_bytes_pattern_append_data(*built_pattern, '\t', 0xff); } -<bytes_value_raw>"\\r" { }//g_bytes_pattern_append_data(*built_pattern, '\r', 0xff); } -<bytes_value_raw>"\\n" { }//g_bytes_pattern_append_data(*built_pattern, '\n', 0xff); } -<bytes_value_raw>"\\\\" { }//g_bytes_pattern_append_data(*built_pattern, '\\', 0xff); } -<bytes_value_raw>\\x[0-9a-fA-F]{2} { - uint8_t __ch; - __ch = strtol(yytext + 2, NULL, 16); - printf("__ch: %hhx\n", __ch); - //g_bytes_pattern_append_data(*built_pattern, __ch, 0xff); - } +%{ /* Commentaires */ %} + +<*>"/*" { PUSH_STATE(comment); } +<comment>"*/" { POP_STATE; } +<comment>(.|\n) { } -<bytes_value_raw>. { }//g_bytes_pattern_append_data(*built_pattern, *yytext, 0xff); } +<*>"//"[^\n]* { } +%{ /* Suppression du besoin de sauvegardes pour retours en arrière */ %} +"i" { HANDLE_UNCOMPLETED_TOKEN; } +"in" { HANDLE_UNCOMPLETED_TOKEN; } +"inc" { HANDLE_UNCOMPLETED_TOKEN; } +"incl" { HANDLE_UNCOMPLETED_TOKEN; } +"inclu" { HANDLE_UNCOMPLETED_TOKEN; } +"includ" { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\" { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"{str_not_escaped}+ { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"\\ { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"\\x { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"{str_mixed}+ { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"{str_mixed}+\\ { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"{str_mixed}+\\x { HANDLE_UNCOMPLETED_TOKEN; } +<inc_path>\"{str_mixed}+\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } -%{ /* Commentaires */ %} +"g" { HANDLE_UNCOMPLETED_TOKEN; } +"gl" { HANDLE_UNCOMPLETED_TOKEN; } +"glo" { HANDLE_UNCOMPLETED_TOKEN; } +"glob" { HANDLE_UNCOMPLETED_TOKEN; } +"globa" { HANDLE_UNCOMPLETED_TOKEN; } -<*>"/*" { PUSH_STATE(comment); } -<comment>"*/" { POP_STATE; } -<comment>(.|\n) { } +"p" { HANDLE_UNCOMPLETED_TOKEN; } +"pr" { HANDLE_UNCOMPLETED_TOKEN; } +"pri" { HANDLE_UNCOMPLETED_TOKEN; } +"priv" { HANDLE_UNCOMPLETED_TOKEN; } +"priva" { HANDLE_UNCOMPLETED_TOKEN; } +"privat" { HANDLE_UNCOMPLETED_TOKEN; } -<*>"//"[^\n]* { } +"r" { HANDLE_UNCOMPLETED_TOKEN; } +"ru" { HANDLE_UNCOMPLETED_TOKEN; } +"rul" { HANDLE_UNCOMPLETED_TOKEN; } + +<raw_block>"m" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block>"me" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block>"met" { HANDLE_UNCOMPLETED_TOKEN; } + +<raw_block,meta>"b" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta>"by" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta>"byt" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta>"byte" { HANDLE_UNCOMPLETED_TOKEN; } + +<raw_block,meta,bytes>"c" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"co" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"con" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"cond" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"condi" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"condit" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"conditi" { HANDLE_UNCOMPLETED_TOKEN; } +<raw_block,meta,bytes>"conditio" { HANDLE_UNCOMPLETED_TOKEN; } + + +<meta_value>"t" { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>"tr" { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>"tru" { HANDLE_UNCOMPLETED_TOKEN; } + +<meta_value>"f" { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>"fa" { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>"fal" { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>"fals" { HANDLE_UNCOMPLETED_TOKEN; } + +<meta_value>-0x { HANDLE_UNCOMPLETED_TOKEN; } + +<meta_value>0x { HANDLE_UNCOMPLETED_TOKEN; } + +<meta_value>\"{str_mixed}* { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>\"{str_mixed}*\\ { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>\"{str_mixed}*\\x { HANDLE_UNCOMPLETED_TOKEN; } +<meta_value>\"{str_mixed}*\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<condition>-0x { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_hex_range,bytes_regex_quantifier,condition>0x { HANDLE_UNCOMPLETED_TOKEN; } + + +<condition>\"{str_not_escaped}* { HANDLE_UNCOMPLETED_TOKEN; } + +<condition>\" { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"\\ { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"\\x { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"{str_mixed}+ { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"{str_mixed}+\\ { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"{str_mixed}+\\x { HANDLE_UNCOMPLETED_TOKEN; } +<condition>\"{str_mixed}+\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_value>\" { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"\\ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"{str_mixed}+ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"{str_mixed}+\\ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"{str_mixed}+\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_value>\"{str_mixed}+\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes>\"{str_not_escaped}+ { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_hex>{hbyte}([ ]*{hbyte})*[ ]*[0-9a-fA-F]/[^?] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_hex>[\?]{2}([ ]*[\?]{2})*[ ]*[\?]/[^0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_hex>{mbyte}([ ]*{mbyte})*[ ]*\?/[^?] { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_hex>{mbyte}([ ]*{mbyte})*[ ]*[0-9a-fA-F]/[^0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_regex>\\ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex>\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex>\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex>({regular_chars})+\\ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex>({regular_chars})+\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex>({regular_chars})+\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } + + +<bytes_regex>({reg_classes})+\\ + + +<bytes_regex_range>({regular_chars}|({regular_chars}-{regular_chars})|{reg_classes})+\\ { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex_range>({regular_chars}|({regular_chars}-{regular_chars})|{reg_classes})+\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex_range>({regular_chars}|({regular_chars}-{regular_chars})|{reg_classes})+\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex_range>\\x { HANDLE_UNCOMPLETED_TOKEN; } +<bytes_regex_range>\\x[0-9a-fA-F] { HANDLE_UNCOMPLETED_TOKEN; } %{ /* Actions par défaut */ %} diff --git a/src/analysis/type.c b/src/analysis/type.c index f05b9a8..9ed5f3f 100644 --- a/src/analysis/type.c +++ b/src/analysis/type.c @@ -43,7 +43,7 @@ static void g_data_type_class_init(GDataTypeClass *); static void g_data_type_init(GDataType *); /* Procède à l'initialisation de l'interface de sérialisation. */ -static void g_serializable_object_interface_init(GSerializableObjectIface *); +static void g_data_type_serializable_interface_init(GSerializableObjectIface *); /* Supprime toutes les références externes. */ static void g_data_type_dispose(GDataType *); @@ -67,7 +67,7 @@ static bool g_data_type_store(const GDataType *, GObjectStorage *, packed_buffer /* Indique le type défini pour un type quelconque. */ G_DEFINE_TYPE_WITH_CODE(GDataType, g_data_type, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_serializable_object_interface_init)); + G_IMPLEMENT_INTERFACE(G_TYPE_SERIALIZABLE_OBJECT, g_data_type_serializable_interface_init)); /****************************************************************************** @@ -136,7 +136,7 @@ static void g_data_type_init(GDataType *type) * * ******************************************************************************/ -static void g_serializable_object_interface_init(GSerializableObjectIface *iface) +static void g_data_type_serializable_interface_init(GSerializableObjectIface *iface) { iface->load = (load_serializable_object_cb)g_data_type_load; iface->store = (store_serializable_object_cb)g_data_type_store; diff --git a/src/arch/vmpa.h b/src/arch/vmpa.h index f353ebd..4f35ebe 100644 --- a/src/arch/vmpa.h +++ b/src/arch/vmpa.h @@ -156,6 +156,62 @@ bool store_vmpa(const vmpa2t *, const char *, bound_value **, size_t *); +/* ------------------------ DEFINITION DE POSITION AVEC BITS ------------------------ */ + + +/* Adresse mémoire ou position physique */ +typedef struct _ext_vmpa_t +{ + vmpa2t base; /* Vision macroscopique */ + + uint8_t consumed_extra_bits; /* Avancée supplémentaire */ + +} ext_vmpa_t; + + +#define init_evmpa_from_vmpa(d, s) \ + do \ + { \ + copy_vmpa(&(d)->base, (s)); \ + (d)->consumed_extra_bits = 0; \ + } \ + while (0) + +#define copy_evmpa(d, s) \ + do \ + { \ + copy_vmpa(&(d)->base, &(s)->base); \ + (d)->consumed_extra_bits = (s)->consumed_extra_bits; \ + } \ + while (0) + +#define advance_evmpa_bits(a, q) \ + do \ + { \ + uint8_t __sum; \ + __sum = (a)->consumed_extra_bits + q; \ + if (__sum > 8) \ + { \ + advance_vmpa(&(a)->base, __sum / 8); \ + (a)->consumed_extra_bits = __sum % 8; \ + } \ + else \ + (a)->consumed_extra_bits = __sum; \ + } \ + while (0) + +#define align_evmpa_on_byte(a) \ + do \ + { \ + if ((a)->consumed_extra_bits > 0) \ + { \ + advance_vmpa(&(a)->base, 1); \ + (a)->consumed_extra_bits = 0; \ + } \ + } \ + while (0); + + /* ------------------------ AIDES FONCTIONNELLES AUXILIAIRES ------------------------ */ diff --git a/src/common/bits.c b/src/common/bits.c index a037078..3d0004c 100644 --- a/src/common/bits.c +++ b/src/common/bits.c @@ -38,7 +38,9 @@ struct _bitfield_t { size_t length; /* Nombre de bits représentés */ - size_t requested; /* Nombre de mots alloués */ + + size_t allocated_words; /* Nombre de mots alloués */ + size_t used_words; /* Nombre de mots utilisés */ bool default_state; /* Etat d'initialisation */ @@ -47,6 +49,10 @@ struct _bitfield_t }; +/* Taille des mots intégrés */ +#define BF_WORD_SIZE (sizeof(unsigned long) * 8) + + /* Crée un champ de bits initialisé à zéro. */ static bitfield_t *_create_bit_field(size_t); @@ -73,18 +79,20 @@ static bool test_state_within_bit_field(const bitfield_t *, size_t, const bitfie static bitfield_t *_create_bit_field(size_t length) { bitfield_t *result; /* Création à retourner */ - size_t requested; /* Nombre de mots à allouer */ + size_t needed; /* Nombre de mots à allouer */ size_t base; /* Allocation de base en octets*/ - requested = length / (sizeof(unsigned long) * 8); - if (length % (sizeof(unsigned long) * 8) != 0) requested++; + needed = length / (sizeof(unsigned long) * 8); + if (length % (sizeof(unsigned long) * 8) != 0) needed++; - base = sizeof(bitfield_t) + requested * sizeof(unsigned long); + base = sizeof(bitfield_t) + needed * sizeof(unsigned long); result = (bitfield_t *)malloc(base); result->length = length; - result->requested = requested; + + result->allocated_words = needed; + result->used_words = needed; return result; @@ -140,7 +148,7 @@ bitfield_t *dup_bit_field(const bitfield_t *field) result = _create_bit_field(field->length); - memcpy(result->bits, field->bits, result->requested * sizeof(unsigned long)); + memcpy(result->bits, field->bits, result->used_words * sizeof(unsigned long)); return result; @@ -183,7 +191,45 @@ void copy_bit_field(bitfield_t *dest, const bitfield_t *src) { assert(dest->length == src->length); - memcpy(dest->bits, src->bits, dest->requested * sizeof(unsigned long)); + memcpy(dest->bits, src->bits, dest->used_words * sizeof(unsigned long)); + +} + + +/****************************************************************************** +* * +* Paramètres : field = champ de bits à modifier. [OUT] * +* length = nouveau nombre de bits du champ à représenter. * +* * +* Description : Réduit ou étend la taille d'un champ en évitant l'allocation.* +* * +* Retour : - * +* * +* Remarques : Les éventuels bits supplémentaires ou disparus ne sont pas * +* (ré)initialisés. * +* * +******************************************************************************/ + +void truncate_bit_field(bitfield_t **field, size_t length) +{ + bitfield_t *_field; /* Commodité d'accès */ + size_t needed; /* Nombre de mots à allouer */ + + _field = *field; + + needed = length / (sizeof(unsigned long) * 8); + if (length % (sizeof(unsigned long) * 8) != 0) needed++; + + if (needed <= _field->allocated_words) + { + _field->length = length; + + _field->used_words = needed; + + } + + else + resize_bit_field(field, length); } @@ -204,7 +250,7 @@ void copy_bit_field(bitfield_t *dest, const bitfield_t *src) void resize_bit_field(bitfield_t **field, size_t length) { bitfield_t *_field; /* Commodité d'accès */ - size_t requested; /* Nombre de mots à allouer */ + size_t needed; /* Nombre de mots à allouer */ size_t base; /* Allocation de base en octets*/ size_t remaining; /* Nombre de derniers bits */ size_t last; /* Dernier mot utilisé */ @@ -217,18 +263,18 @@ void resize_bit_field(bitfield_t **field, size_t length) { /* Redimensionnement */ - requested = length / (sizeof(unsigned long) * 8); - if (length % (sizeof(unsigned long) * 8) != 0) requested++; - - base = sizeof(bitfield_t) + requested * sizeof(unsigned long); + needed = length / (sizeof(unsigned long) * 8); + if (length % (sizeof(unsigned long) * 8) != 0) needed++; - *field = realloc(_field, base); - _field = *field; + base = sizeof(bitfield_t) + needed * sizeof(unsigned long); /* Initialisation, si nécessaire */ if (_field->length < length) { + *field = realloc(_field, base); + _field = *field; + last = _field->length / (sizeof(unsigned long) * 8); remaining = _field->length % (sizeof(unsigned long) * 8); @@ -245,7 +291,7 @@ void resize_bit_field(bitfield_t **field, size_t length) } - for (i = last; i < requested; i++) + for (i = last; i < needed; i++) { if (_field->default_state) _field->bits[i] = ~0ul; @@ -258,7 +304,9 @@ void resize_bit_field(bitfield_t **field, size_t length) /* Actualisation des tailles */ _field->length = length; - _field->requested = requested; + + _field->allocated_words = needed; + _field->used_words = needed; } @@ -326,12 +374,12 @@ int compare_bit_fields(const bitfield_t *a, const bitfield_t *b) else final = (1 << final) - 1; - for (i = 0; i < a->requested && result == 0; i++) + for (i = 0; i < a->used_words && result == 0; i++) { val_a = a->bits[i]; val_b = b->bits[i]; - if ((i + 1) == a->requested) + if ((i + 1) == a->used_words) { val_a &= final; val_b &= final; @@ -366,7 +414,7 @@ int compare_bit_fields(const bitfield_t *a, const bitfield_t *b) void reset_all_in_bit_field(bitfield_t *field) { - memset(field->bits, 0u, field->requested * sizeof(unsigned long)); + memset(field->bits, 0u, field->used_words * sizeof(unsigned long)); } @@ -385,7 +433,7 @@ void reset_all_in_bit_field(bitfield_t *field) void set_all_in_bit_field(bitfield_t *field) { - memset(field->bits, ~0u, field->requested * sizeof(unsigned long)); + memset(field->bits, ~0u, field->used_words * sizeof(unsigned long)); } @@ -483,7 +531,7 @@ void and_bit_field(bitfield_t *dest, const bitfield_t *src) assert(dest->length == src->length); - for (i = 0; i < dest->requested; i++) + for (i = 0; i < dest->used_words; i++) dest->bits[i] &= src->bits[i]; } @@ -508,7 +556,7 @@ void or_bit_field(bitfield_t *dest, const bitfield_t *src) assert(dest->length == src->length); - for (i = 0; i < dest->requested; i++) + for (i = 0; i < dest->used_words; i++) dest->bits[i] |= src->bits[i]; } @@ -545,14 +593,13 @@ void or_bit_field_at(bitfield_t *dest, const bitfield_t *src, size_t first) remaining = (first + src->length) % (sizeof(unsigned long) * 8); if ((first + src->length) % (sizeof(unsigned long) * 8) > 0) - last_iter = src->requested; + last_iter = src->used_words; else - last_iter = src->requested - 1; - + last_iter = src->used_words - 1; for (i = 0; i <= last_iter; i++) { - if (i < src->requested) + if (i < src->used_words) word = src->bits[i] << offset; else word = 0; @@ -603,6 +650,42 @@ bool test_in_bit_field(const bitfield_t *field, size_t n) /****************************************************************************** * * +* Paramètres : field = champ de bits à consulter. * +* n = indice du bit à traiter. * +* * +* Description : Détermine si un bit est à 1 dans un champ puis le définit. * +* * +* Retour : true si le bit correspondant était déjà à l'état haut. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool test_and_set_in_bit_field(bitfield_t *field, size_t n) +{ + bool result; /* Valeur retrouvée à renvoyer */ + size_t index; /* Cellule de tableau visée */ + size_t remaining; /* Nombre de bits restants */ + unsigned long *bits; /* Accès mis en commun */ + + assert(n < field->length); + + index = n / (sizeof(unsigned long) * 8); + remaining = n % (sizeof(unsigned long) * 8); + + bits = field->bits + index; + + result = *bits & (1ul << remaining); + + *bits |= (1ul << remaining); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : field = champ de bits à modifier. * * first = indice du premier bit à traiter. * * count = nombre de bits à marquer. * @@ -736,7 +819,7 @@ static bool test_state_within_bit_field(const bitfield_t *field, size_t first, c else finalcut = (1lu << remaining) - 1; - for (i = 0; i < mask->requested && result; i++) + for (i = 0; i < mask->used_words && result; i++) { windex = start + i; @@ -746,7 +829,7 @@ static bool test_state_within_bit_field(const bitfield_t *field, size_t first, c else { word = field->bits[windex] >> offset; - if ((windex + 1) < field->requested) + if ((windex + 1) < field->used_words) word |= field->bits[windex + 1] << (sizeof(unsigned long) * 8 - offset); } @@ -756,7 +839,7 @@ static bool test_state_within_bit_field(const bitfield_t *field, size_t first, c test &= bitmask; - if ((i + 1) == mask->requested) + if ((i + 1) == mask->used_words) { bitmask &= finalcut; test &= finalcut; @@ -824,6 +907,223 @@ bool test_ones_within_bit_field(const bitfield_t *field, size_t first, const bit /****************************************************************************** * * * Paramètres : field = champ de bits à consulter. * +* prev = indice rapporté avec une itération précédente. * +* * +* Description : Recherche un prochain bit défini dans un champ de bits. * +* * +* Retour : Position d'un bit à 1 ou taille du champ si plus aucun. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t find_next_set_in_bit_field(const bitfield_t *field, const size_t *prev) +{ + size_t result; /* Indice à retourner */ + size_t i; /* Boucle de parcours */ + unsigned long word; /* Espace de travail courant */ + size_t last_pos; /* Position précédente locale */ + int found; /* Bian de recherche locale */ + + /* Travaux sur le premier mot, nécessitant potentiellement un masque */ + + if (prev == NULL) + { + i = 0; + word = field->bits[0]; + } + else + { + i = *prev / BF_WORD_SIZE; + + if (i >= field->used_words) + { + result = field->length; + goto nothing_to_do; + } + + word = field->bits[i]; + + last_pos = *prev % BF_WORD_SIZE; + + if ((last_pos + 1) == BF_WORD_SIZE) + goto next_word; + + word &= ~((1lu << (last_pos + 1)) - 1); + + } + + found = __builtin_ffsl(word); + + if (found > 0) + { + result = i * BF_WORD_SIZE + found - 1; + goto done; + } + + /* Extension aux autres mots suivantes au besoin */ + + next_word: + + result = field->length; + + for (i++; i < field->used_words; i++) + { + found = __builtin_ffsl(field->bits[i]); + + if (found > 0) + { + result = i * BF_WORD_SIZE + found - 1; + + /** + * Validation des bornes finales, pour le dernier mot. + */ + if (result > field->length) + result = field->length; + + goto done; + + } + + } + + /* Sortie */ + + done: + + nothing_to_do: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : field = champ de bits à consulter. * +* extra = champ de bits à placer. * +* first = mémorisation d'un point de départ entre appels. [OUT]* +* * +* Description : Recherche l'indice idéal pour placer un champ dans un autre. * +* * +* Retour : Position du premier bit à insérer. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t find_interleaving_index_for_acism(const bitfield_t *field, const bitfield_t *extra, size_t *first) +{ + size_t result; /* Dimension à retourner */ + size_t i; /* Boucle de parcours #1 */ + const unsigned long *bits; /* Itérateurs sur les bits */ + size_t init_k; /* Point de départ optimal */ + size_t k; /* Boucle de parcours #2 */ + unsigned long mask; /* Valeur à comparer */ + size_t j; /* Boucle de parcours #3 */ + + /** + * La procédure s'appuie sur deux particularité du contexte d'exécution (scan ACISM) : + * - il y a toujours au moins 257 bits (taille maximale du champs "extra") libres + * en fin de champs "field" ; + * - le premier bit du champ "extra" est toujours fixé à 1. + */ + + result = 0; + + for (i = *first; i < field->used_words; i++) + { + /* S'il ne reste plus aucune place */ + if (field->bits[i] != ~0lu) + break; + } + + *first = i; + + bits = field->bits + i; + + for (; i < field->used_words; i++, bits++) + { + /* S'il ne reste plus aucune place */ + if (*bits == ~0lu) + continue; + + init_k = __builtin_ffsl(~*bits) - 1; + + for (k = init_k; k < __WORDSIZE; k++) + { + /** + * Le champs de bits à placer ne comporte pas forcément au moins + * 32/64 bits, mais les bits non comptabilisés du mot sont toujours + * initialisés à zéro. + * + * Aucune prise en compte particulière d'un champ de petite taille + * n'est donc à réaliser ici. + */ + + mask = (extra->bits[0] << k); + + /* Si tous les bits nécessaires au début sont libres... */ + if ((*bits & mask) == 0) + { + for (j = 1; j < extra->used_words; j++) + { + if (k == 0) + mask = extra->bits[j]; + + else + { + /* Portion du mot courant */ + mask = (extra->bits[j] << k); + + /* Relicat du mot précédent */ + mask |= (extra->bits[j - 1] >> (__WORDSIZE - k)); + + } + + if (mask == 0) + continue; + + if ((bits[j] & mask) != 0) + break; + + } + + if (j == extra->used_words) + { + /* Eventuelle dernière bribe débordant sur un dernier mot ? */ + if (k > 0) + { + mask = (extra->bits[j - 1] >> (__WORDSIZE - k)); + + if ((bits[j] & mask) != 0) + continue; + + } + + result = i * __WORDSIZE + k; + goto found; + + } + + } + + } + + } + + found: + + assert(result > 0); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : field = champ de bits à consulter. * * * * Description : Détermine le nombre de bits à 1 dans un champ. * * * @@ -844,7 +1144,7 @@ size_t popcount_for_bit_field(const bitfield_t *field) remaining = field->length; - for (i = 0; i < field->requested; i++) + for (i = 0; i < field->used_words; i++) { value = field->bits[i]; @@ -866,3 +1166,55 @@ size_t popcount_for_bit_field(const bitfield_t *field) return result; } + + +#if 0 + +/****************************************************************************** +* * +* Paramètres : field = champ de bits à consulter. * +* * +* Description : Imprime sur la sortie standard la valeur représentée. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void output_bit_field(const bitfield_t *field) +{ + size_t i; /* Boucle de parcours #1 */ + unsigned long value; /* Valeur masquée à traiter */ + size_t k; /* Boucle de parcours #2 */ + + printf("[len=%zu] \n", field->length); + +#define MAX_BITS (sizeof(unsigned long) * 8) + + for (i = 0; i < field->used_words; i++) + { + value = field->bits[i]; + + if (i > 0) + printf("| "); + + for (k = 0; k < MAX_BITS; k++) + { + if ((i * MAX_BITS + k) >= field->length) + break; + + printf("%c", value & (1lu << k) ? '1' : '.'); + + if ((k + 1) % 8 == 0) + printf(" "); + + } + + } + + printf("\n"); + +} + +#endif diff --git a/src/common/bits.h b/src/common/bits.h index 58fa0fe..608db39 100644 --- a/src/common/bits.h +++ b/src/common/bits.h @@ -45,6 +45,9 @@ void delete_bit_field(bitfield_t *); /* Copie un champ de bits dans un autre. */ void copy_bit_field(bitfield_t *, const bitfield_t *); +/* Réduit ou étend la taille d'un champ en évitant l'allocation. */ +void truncate_bit_field(bitfield_t **, size_t); + /* Redimensionne un champ de bits. */ void resize_bit_field(bitfield_t **, size_t); @@ -78,6 +81,9 @@ void or_bit_field_at(bitfield_t *, const bitfield_t *, size_t); /* Détermine si un bit est à 1 dans un champ de bits. */ bool test_in_bit_field(const bitfield_t *, size_t); +/* Détermine si un bit est à 1 dans un champ puis le définit. */ +bool test_and_set_in_bit_field(bitfield_t *, size_t); + /* Détermine si un ensemble de bits est à 0 dans un champ. */ bool test_none_in_bit_field(const bitfield_t *, size_t, size_t); @@ -90,9 +96,22 @@ bool test_zeros_within_bit_field(const bitfield_t *, size_t, const bitfield_t *) /* Teste l'état à 1 de bits selon un masque de bits. */ bool test_ones_within_bit_field(const bitfield_t *, size_t, const bitfield_t *); +/* Recherche un prochain bit défini dans un champ de bits. */ +size_t find_next_set_in_bit_field(const bitfield_t *, const size_t *); + +/* Recherche l'indice idéal pour placer un champ dans un autre. */ +size_t find_interleaving_index_for_acism(const bitfield_t *, const bitfield_t *, size_t *); + /* Détermine le nombre de bits à 1 dans un champ. */ size_t popcount_for_bit_field(const bitfield_t *); +#if 0 + +/* Imprime sur la sortie standard la valeur représentée. */ +void output_bit_field(const bitfield_t *); + +#endif + #endif /* _COMMON_BITS_H */ diff --git a/src/common/dllist.c b/src/common/dllist.c index a953ad0..1ee7b0d 100644 --- a/src/common/dllist.c +++ b/src/common/dllist.c @@ -24,6 +24,17 @@ #include "dllist.h" +#include <assert.h> + + + +/* Découpe une liste en deux parties. */ +static void split_dl_lists(dl_list_head, dl_list_head *, dl_list_head *); + +/* Trie une liste chaînée en supprimant les éléments identiques. */ +static dl_list_head sort_and_merge_dl_lists_no_dup(dl_list_head *, dl_list_head *, size_t *, __dl_item_compar_fn_t, dl_list_head *); + + /****************************************************************************** * * @@ -79,3 +90,187 @@ void __dl_list_del(dl_list_item *item, dl_list_head *head) } } + + +/****************************************************************************** +* * +* Paramètres : list = liste à découper. * +* part1 = première partie constituée. [OUT] * +* part2 = seconde partie constituée. [OUT] * +* * +* Description : Découpe une liste en deux parties. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void split_dl_lists(dl_list_head list, dl_list_head *part1, dl_list_head *part2) +{ + dl_list_item *iter_slow; /* Boucle de parcours #1 */ + dl_list_item *iter_fast; /* Boucle de parcours #2 */ + + *part1 = list; + + iter_slow = list; + iter_fast = _dl_list_next(iter_slow, list); + + while (iter_fast != NULL) + { + iter_fast = _dl_list_next(iter_fast, list); + + if (iter_fast != NULL) + { + iter_slow = _dl_list_next(iter_slow, list); + iter_fast = _dl_list_next(iter_fast, list); + } + + } + + *part2 = _dl_list_next(iter_slow, list); + + /* Réalisation d'une coupure */ + + if (*part2 != NULL) + { + (*part2)->prev = (*part1)->prev; + (*part2)->prev->next = (*part2); + } + + iter_slow->next = *part1; + (*part1)->prev = iter_slow; + +} + + +/****************************************************************************** +* * +* Paramètres : head = tête de la liste à trier. * +* length = taille de la liste fournie. * +* compar = méthode de comparaison des éléments. * +* duplicated = liste des éléments présents en double. [OUT] * +* * +* Description : Trie une liste chaînée en supprimant les éléments identiques.* +* * +* Retour : Nouvelle liste obtenue. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static dl_list_head sort_and_merge_dl_lists_no_dup(dl_list_head *a, dl_list_head *b, size_t *length, __dl_item_compar_fn_t compar, dl_list_head *duplicated) +{ + dl_list_head result; /* Liste fusionnée à renvoyer */ + int ret; /* Bilan d'une comparaison */ + dl_list_head next; /* Maillons de liste suivants */ + + if (dl_list_empty(*a)) + result = *b; + + else if (dl_list_empty(*b)) + result = *a; + + else + { + ret = compar(*a, *b); + + if (ret < 0) + { + result = *a; + __dl_list_del(result, a); + DL_LIST_ITEM_INIT(result); + + next = sort_and_merge_dl_lists_no_dup(a, b, length, compar, duplicated); + assert(!dl_list_empty(next)); + _dl_list_merge(result, next); + + } + + else if (ret == 0) + { + result = *a; + __dl_list_del(result, a); + DL_LIST_ITEM_INIT(result); + + if (length != NULL) + (*length)--; + + if (duplicated != NULL) + { + /** + * L'élément est ici ajouté à la liste sans respect d'un ordre particulier. + */ + + if (dl_list_empty(*duplicated)) + *duplicated = result; + else + __dl_list_add(result, duplicated, (*duplicated)->prev, *duplicated); + + } + + result = *b; + __dl_list_del(result, b); + DL_LIST_ITEM_INIT(result); + + next = sort_and_merge_dl_lists_no_dup(a, b, length, compar, duplicated); + if (!dl_list_empty(next)) + _dl_list_merge(result, next); + + } + + else + { + result = *b; + __dl_list_del(result, b); + DL_LIST_ITEM_INIT(result); + + next = sort_and_merge_dl_lists_no_dup(a, b, length, compar, duplicated); + assert(!dl_list_empty(next)); + _dl_list_merge(result, next); + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : head = tête de la liste à trier. * +* length = taille de la liste fournie. * +* compar = méthode de comparaison des éléments. * +* duplicated = liste des éléments présents en double. [OUT] * +* * +* Description : Trie une liste chaînée en notant les éléments identiques. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void sort_dl_list_no_dup(dl_list_head *head, size_t *length, __dl_item_compar_fn_t compar, dl_list_head *duplicated) +{ + dl_list_head part1; /* Première moitiée à traiter */ + dl_list_head part2; /* Seconde moitiée à traiter */ + + /* S'il y a réellement quelque chose à faire */ + if (!dl_list_empty(*head) && !_dl_list_is_last(*head, *head)) + { + /* Découpage en deux sous-listes */ + split_dl_lists(*head, &part1, &part2); + + /* Tri des deux listes obtenues */ + sort_dl_list_no_dup(&part1, length, compar, duplicated); + sort_dl_list_no_dup(&part2, length, compar, duplicated); + + /* Fusion des deux listes triées */ + *head = sort_and_merge_dl_lists_no_dup(&part1, &part2, length, compar, duplicated); + + } + +} diff --git a/src/common/dllist.h b/src/common/dllist.h index 111843b..1fb010a 100644 --- a/src/common/dllist.h +++ b/src/common/dllist.h @@ -62,6 +62,12 @@ void __dl_list_del(dl_list_item *, dl_list_head *); #define dl_list_empty(head) \ ((head) == NULL) +#define _dl_list_is_last(item, head) \ + ((item)->next == head) + +#define dl_list_is_last(item, head, member) \ + item->member.next == &head->member + #define dl_list_last(head, type, member) \ (dl_list_empty(head) ? NULL : (type *)container_of(head->member.prev, type, member)) @@ -108,6 +114,17 @@ void __dl_list_del(dl_list_item *, dl_list_head *); } \ while(0) +#define _dl_list_merge(head1, head2) \ + do \ + { \ + dl_list_item *mid = head1->prev; \ + mid->next = head2; \ + head1->prev = head2->prev; \ + head2->prev->next = head1; \ + head2->prev = mid; \ + } \ + while(0) + #define dl_list_merge(head1, head2, type, member) \ do \ { \ @@ -134,6 +151,16 @@ void __dl_list_del(dl_list_item *, dl_list_head *); _result; \ }) +#define _dl_list_next(iter, head) \ + ({ \ + dl_list_item *__next; \ + __next = iter->next; \ + if (__next == head) \ + __next = NULL; \ + __next; \ + }) + + #define dl_list_next_iter(iter, head, type, member) \ (iter->member.next == &head->member ? \ NULL : container_of(iter->member.next, type, member)) @@ -164,5 +191,12 @@ void __dl_list_del(dl_list_item *, dl_list_head *); pos = dl_list_prev_iter(pos, (head), type, member)) +/* Prototype pour un comparateur d'éléments */ +typedef int (*__dl_item_compar_fn_t) (const dl_list_item *, const dl_list_item *); + +/* Trie une liste chaînée en notant les éléments identiques. */ +void sort_dl_list_no_dup(dl_list_head *, size_t *, __dl_item_compar_fn_t, dl_list_head *); + + #endif /* _COMMON_DLLIST_H */ diff --git a/src/common/sort.c b/src/common/sort.c index fe5bd38..d79d71a 100644 --- a/src/common/sort.c +++ b/src/common/sort.c @@ -432,6 +432,91 @@ void *qinsert_multi(void *base, size_t *nmemb, size_t size, __compar_fn_t compar /****************************************************************************** * * +* Paramètres : base = adresse du tableau à parcourir. * +* nmemb = nombre d'éléments présents au total. [OUT] * +* allocated = taille déjà allouée pour le tableau. [OUT] * +* size = taille de chaque élément du tableau. * +* new = nouvel élément à insérer. * +* index = indice du point d'insertion. * +* * +* Description : Ajoute à l'endroit indiqué un élément dans un tableau. * +* * +* Retour : Nouvel emplacement du tableau agrandi. * +* * +* Remarques : - * +* * +******************************************************************************/ + +void *_qinsert_managed(void *base, size_t *nmemb, size_t *allocated, size_t size, void *new, size_t index) +{ + void *result; /* Tableau trié à retourner */ + + if (*nmemb == *allocated) + { + if (*allocated == 0) + *allocated = 1024 * 8; + else + *allocated *= 2; + + result = realloc(base, *allocated * size); + + } + else + result = base; + + if (index < *nmemb) + memmove((char *)result + (index + 1) * size, (char *)result + index * size, (*nmemb - index) * size); + + (*nmemb)++; + + memcpy((char *)result + index * size, new, size); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : base = adresse du tableau à parcourir. * +* nmemb = nombre d'éléments présents au total. [OUT] * +* allocated = taille déjà allouée pour le tableau. [OUT] * +* size = taille de chaque élément du tableau. * +* compar = méthode de comparaison entre éléments. * +* new = nouvel élément à insérer. * +* * +* Description : Ajoute au bon endroit un élément dans un tableau trié. * +* * +* Retour : Nouvel emplacement du tableau agrandi. * +* * +* Remarques : - * +* * +******************************************************************************/ + +void *qinsert_managed(void *base, size_t *nmemb, size_t *allocated, size_t size, __compar_fn_t compar, void *new) +{ + void *result; /* Tableau trié à retourner */ +#ifndef NDEBUG + bool found; /* Présence de partage existant*/ +#endif + size_t index; /* Indice du point d'insertion */ + +#ifndef NDEBUG + found = bsearch_index(new, base, *nmemb, size, compar, &index); + assert(!found); +#else + bsearch_index(new, base, *nmemb, size, compar, &index); +#endif + + result = _qinsert_managed(base, nmemb, allocated, size, new, index); + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : base = adresse du tableau à parcourir. * * nmem = nombre d'éléments présents au total. [OUT] * * size = taille de chaque élément du tableau. * diff --git a/src/common/sort.h b/src/common/sort.h index 4b2ae94..39a6f33 100644 --- a/src/common/sort.h +++ b/src/common/sort.h @@ -64,6 +64,12 @@ void *qinsert(void *, size_t *, size_t, __compar_fn_t, void *); /* Ajoute au bon endroit un élément dans un tableau trié. */ void *qinsert_multi(void *, size_t *, size_t, __compar_fn_t, void *); +/* Ajoute à l'endroit indiqué un élément dans un tableau. */ +void *_qinsert_managed(void *, size_t *, size_t *, size_t, void *, size_t); + +/* Ajoute au bon endroit un élément dans un tableau trié. */ +void *qinsert_managed(void *, size_t *, size_t *, size_t, __compar_fn_t, void *); + /* Supprime un élément dans un tableau trié. */ void *_qdelete(void *, size_t *, size_t, size_t); diff --git a/src/common/szstr.h b/src/common/szstr.h index aad1920..406a9f1 100644 --- a/src/common/szstr.h +++ b/src/common/szstr.h @@ -38,8 +38,13 @@ typedef struct _sized_string_t { union { + const char *static_data; /* Données non modifiées */ char *data; /* Chaîne de caractères */ + + const bin_t *static_bin_data; /* Données brutes non modifiées*/ + bin_t *bin_data; /* Données brutes */ + }; size_t len; /* Taille correspondante */ diff --git a/src/core/core.c b/src/core/core.c index fe7a5e0..636e41e 100644 --- a/src/core/core.c +++ b/src/core/core.c @@ -44,7 +44,6 @@ #include "../common/io.h" #include "../common/xdg.h" #include "../glibext/linesegment.h" -#include "../plugins/dt.h" @@ -101,9 +100,11 @@ bool load_all_core_components(bool cs) explorer = g_content_explorer_new(); set_current_content_explorer(explorer); + g_object_unref(G_OBJECT(explorer)); resolver = g_content_resolver_new(); set_current_content_resolver(resolver); + g_object_unref(G_OBJECT(resolver)); #ifdef INCLUDE_MAGIC_SUPPORT if (result) result = init_magic_cookie(); @@ -111,6 +112,7 @@ bool load_all_core_components(bool cs) root_ns = g_scan_namespace_new(NULL); set_rost_root_namespace(root_ns); + g_object_unref(G_OBJECT(root_ns)); if (result) result = populate_main_scan_namespace(root_ns); if (result) result = load_all_known_scan_token_modifiers(); @@ -120,8 +122,6 @@ bool load_all_core_components(bool cs) register_arch_gtypes(); init_operands_factory(); - if (result) result = init_chrysalide_dynamic_types(); - } } @@ -147,10 +147,10 @@ void unload_all_core_components(bool cs) { if (cs) { - exit_chrysalide_dynamic_types(); - exit_operands_factory(); + exit_segment_content_hash_table(); + unload_demanglers_definitions(); unload_processors_definitions(); @@ -179,3 +179,79 @@ void unload_all_core_components(bool cs) ERR_free_strings(); } + + +/****************************************************************************** +* * +* Paramètres : selected = liste d'éléments à décharger. * +* * +* Description : Charge une sélection d'éléments de base du programme. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_core_components(AvailableCoreComponent flags) +{ + static bool result = false; /* Bilan à retourner */ + static bool done = false; /* Mémorisation des passages */ + GScanNamespace *root_ns; /* Espace de noms ROST racine */ + + /** + * On mémorise les passages réussis. + */ + if (!done) + { + done = true; + result = true; + + if (flags & ACC_SCAN_FEATURES) + { +#ifdef INCLUDE_MAGIC_SUPPORT + if (result) result = init_magic_cookie(); +#endif + + root_ns = g_scan_namespace_new(NULL); + set_rost_root_namespace(root_ns); + g_object_unref(G_OBJECT(root_ns)); + + if (result) result = populate_main_scan_namespace(root_ns); + if (result) result = load_all_known_scan_token_modifiers(); + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : selected = liste d'éléments à décharger. * +* * +* Description : Décharge une sélection d'éléments de base du programme. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void unload_core_components(AvailableCoreComponent flags) +{ + if (flags & ACC_SCAN_FEATURES) + { + unload_all_scan_token_modifiers(); + set_rost_root_namespace(NULL); + +#ifdef INCLUDE_MAGIC_SUPPORT + exit_magic_cookie(); +#endif + + } + +} diff --git a/src/core/core.h b/src/core/core.h index 0221f56..def2813 100644 --- a/src/core/core.h +++ b/src/core/core.h @@ -36,5 +36,19 @@ bool load_all_core_components(bool); void unload_all_core_components(bool); +/* Eléments à (dé)charger disponibles */ +typedef enum _AvailableCoreComponent +{ + ACC_SCAN_FEATURES = (1 << 0), /* Espace de noms pour scan */ + +} AvailableCoreComponent; + +/* Charge une sélection d'éléments de base du programme. */ +bool load_core_components(AvailableCoreComponent); + +/* Décharge une sélection d'éléments de base du programme. */ +void unload_core_components(AvailableCoreComponent); + + #endif /* _CORE_CORE_H */ diff --git a/src/core/demanglers.c b/src/core/demanglers.c index 0eb4e36..5518008 100644 --- a/src/core/demanglers.c +++ b/src/core/demanglers.c @@ -85,12 +85,12 @@ bool register_demangler_type(GType type) else { - _demanglers_definitions = (demangler_t *)realloc(_demanglers_definitions, - ++_demanglers_definitions_count * sizeof(demangler_t)); + _demanglers_definitions = realloc(_demanglers_definitions, + ++_demanglers_definitions_count * sizeof(demangler_t)); new = &_demanglers_definitions[_demanglers_definitions_count - 1]; - new->key = strdup(key); + new->key = key; new->type = type; result = true; diff --git a/src/core/paths.c b/src/core/paths.c index 5902e83..c9213bc 100644 --- a/src/core/paths.c +++ b/src/core/paths.c @@ -125,15 +125,13 @@ char *get_effective_directory(const char *template) char *get_effective_directory_new(TargetDirectoryType type) { char *result; /* Répertoire à retourner */ -#ifdef DISCARD_LOCAL +#if defined DISCARD_LOCAL && defined PYTHON_PACKAGE Dl_info info; /* Informations dynamiques */ int ret; /* Bilan d'une récupération */ char *dyn_path_tmp; /* Chemin d'accès modifiable */ const char *dyn_path; /* Chemin d'accès courant */ -# ifdef PYTHON_PACKAGE size_t len; /* Taille de comparaison */ size_t pos; /* Position dans une chaîne */ -# endif #endif /** @@ -155,20 +153,6 @@ char *get_effective_directory_new(TargetDirectoryType type) result = NULL; -#ifdef DISCARD_LOCAL - - ret = dladdr(__FUNCTION__, &info); - if (ret == 0) - { - LOG_ERROR_DL_N("dladdr"); - goto exit; - } - - dyn_path_tmp = strdup(info.dli_fname); - dyn_path = dirname(dyn_path_tmp); - -#endif - switch (type) { case TDT_PLUGINS_LIB: @@ -178,6 +162,16 @@ char *get_effective_directory_new(TargetDirectoryType type) #else # ifdef PYTHON_PACKAGE + ret = dladdr(__FUNCTION__, &info); + if (ret == 0) + { + LOG_ERROR_DL_N("dladdr"); + break; + } + + dyn_path_tmp = strdup(info.dli_fname); + dyn_path = dirname(dyn_path_tmp); + len = strlen("chrysalide-libs"); pos = strlen(dyn_path); @@ -193,9 +187,12 @@ char *get_effective_directory_new(TargetDirectoryType type) result[pos] = '\0'; result = stradd(result, "chrysalide-plugins"); + bad_sync: + + free(dyn_path_tmp); + # else - result = strdup(dyn_path); - result = stradd(result, G_DIR_SEPARATOR_S "chrysalide-plugins"); + result = strdup(PLUGINS_LIB_DIR); # endif #endif break; @@ -206,20 +203,6 @@ char *get_effective_directory_new(TargetDirectoryType type) } -#ifdef DISCARD_LOCAL - -# ifdef PYTHON_PACKAGE - - bad_sync: - -# endif - - free(dyn_path_tmp); - - exit: - -#endif - assert(result != NULL); return result; diff --git a/src/glibext/Makefile.am b/src/glibext/Makefile.am index ad98809..986bbd1 100644 --- a/src/glibext/Makefile.am +++ b/src/glibext/Makefile.am @@ -30,7 +30,9 @@ libglibext_la_SOURCES = \ seq.h seq.c \ signal.h signal.c \ singleton.h singleton.c \ - linesegment.h linesegment.c + linesegment.h linesegment.c \ + umemslice-int.h \ + umemslice.h umemslice.c if BUILD_GTK_SUPPORT diff --git a/src/glibext/configuration.c b/src/glibext/configuration.c index 5bc94a7..ce7fac8 100644 --- a/src/glibext/configuration.c +++ b/src/glibext/configuration.c @@ -1224,13 +1224,9 @@ static void g_generic_config_init(GGenConfig *config) static void g_generic_config_dispose(GGenConfig *config) { - g_list_free_full(config->groups, g_object_unref); + g_clear_list(&config->groups, g_object_unref); - config->groups = NULL; - - g_list_free_full(config->params, g_object_unref); - - config->params = NULL; + g_clear_list(&config->params, g_object_unref); G_OBJECT_CLASS(g_generic_config_parent_class)->dispose(G_OBJECT(config)); diff --git a/src/glibext/delayed.c b/src/glibext/delayed.c index 64f18cf..6b5ac35 100644 --- a/src/glibext/delayed.c +++ b/src/glibext/delayed.c @@ -885,7 +885,7 @@ static void g_work_queue_dispose(GWorkQueue *queue) g_mutex_lock(&queue->mutex); for (i = 0; i < queue->groups_count; i++) - g_object_unref(G_OBJECT(queue->groups[i])); + g_clear_object(&queue->groups[i]); g_mutex_unlock(&queue->mutex); diff --git a/src/glibext/umemslice-int.h b/src/glibext/umemslice-int.h new file mode 100644 index 0000000..36cc2d4 --- /dev/null +++ b/src/glibext/umemslice-int.h @@ -0,0 +1,71 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * umemslice-int.h - prototypes internes pour les allocations en série d'un même type d'objets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _GLIBEXT_UMEMSLICE_INT_H +#define _GLIBEXT_UMEMSLICE_INT_H + + +#include <stdbool.h> + + +#include "umemslice.h" + + + +/* Informations portant sur un bloc */ +typedef struct _slice_slab_info_t +{ + void *data_max; /* Zone de débordement */ + umem_slice_iter_t iter; /* Données pour l'utilisateur */ + +} slice_slab_info_t; + +#define SLICE_INFO_SIZE (sizeof(void *) + sizeof(umem_slice_iter_t)) + + +/* Allocateur s'appuyant sur des séries d'objets de même type (instance) */ +struct _GUMemSlice +{ + GObject parent; /* A laisser en premier */ + + size_t obj_size; /* Taille des objects */ + + slice_slab_info_t *slabs; /* Ensembles complets */ + slice_slab_info_t *last; /* Accès à l'ultime tranche */ + +}; + +/* Allocateur s'appuyant sur des séries d'objets de même type (classe) */ +struct _GUMemSliceClass +{ + GObjectClass parent; /* A laisser en premier */ + +}; + + +/* Met en place un allocateur de zones identiques. */ +bool g_umem_slice_create(GUMemSlice *, size_t); + + + +#endif /* _GLIBEXT_UMEMSLICE_INT_H */ diff --git a/src/glibext/umemslice.c b/src/glibext/umemslice.c new file mode 100644 index 0000000..40088ef --- /dev/null +++ b/src/glibext/umemslice.c @@ -0,0 +1,423 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * umemslice.c - allocations en série d'un même type d'objets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "umemslice.h" + + +#include <assert.h> +#include <stdint.h> +#include <sys/mman.h> + + +#include "umemslice-int.h" +#include "../core/logs.h" + + + +/* --------------------------- GESTION D'UN BLOC D'OBJETS --------------------------- */ + + +#define SLAB_SIZE (8 * 1024 * 1024) + + +/* Alloue un espace pour un nouveau slab en mémoire. */ +static slice_slab_info_t *create_slice_slab(size_t, size_t); + +/* Supprime l'espace correspondant à un slab en mémoire. */ +static void destroy_slice_slab(slice_slab_info_t *, size_t); + + + +/* --------------------------- ALLOCATIONS ET LIBERATIONS --------------------------- */ + + +/* Initialise la classe des allocateurs d'objets similaires. */ +static void g_umem_slice_class_init(GUMemSliceClass *); + +/* Initialise une instance d'allocateur d'objets similaires. */ +static void g_umem_slice_init(GUMemSlice *); + +/* Supprime toutes les références externes. */ +static void g_umem_slice_dispose(GUMemSlice *); + +/* Procède à la libération totale de la mémoire. */ +static void g_umem_slice_finalize(GUMemSlice *); + + + +/* ---------------------------------------------------------------------------------- */ +/* GESTION D'UN BLOC D'OBJETS */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : slab_size = taille totale du slab à allouer. * +* obj_size = taille des futurs objets contenus. * +* * +* Description : Alloue un espace pour un nouveau slab en mémoire. * +* * +* Retour : Adresse du gestionnaire du slab mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static slice_slab_info_t *create_slice_slab(size_t slab_size, size_t obj_size) +{ + slice_slab_info_t *result; /* Structure à retourner */ + void *data; /* Zone de mémoire allouée */ + int ret; /* Bilan d'une précision */ + size_t quantity; /* Quantité d'objets allouable */ + + assert(obj_size % sizeof(unsigned long) == 0); + + data = mmap(NULL, slab_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS/* | MAP_POPULATE*/, -1, 0); + + if (data == MAP_FAILED) + { + LOG_ERROR_N("mmap"); + result = NULL; + goto exit; + } + + ret = madvise(data, slab_size, MADV_SEQUENTIAL); + if (ret == -1) + LOG_ERROR_N("madvise"); + + /* Initialisation du gestionnaire */ + + result = data; + + quantity = (slab_size - SLICE_INFO_SIZE) / obj_size; + + //result->data_max = ((uint8_t *)data) + (quantity * obj_size); + + result->iter.data_end = ((uint8_t *)data) + SLICE_INFO_SIZE; + result->iter.next = NULL; + + result->data_max = result->iter.data_end + (quantity * obj_size); + + exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : slab = gestionnaire d'une zone mémoire à manipuler. * +* slab_size = taille totale du slab à allouer. * +* * +* Description : Supprime l'espace correspondant à un slab en mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void destroy_slice_slab(slice_slab_info_t *slab, size_t slab_size) +{ + void *data; /* Zone de mémoire allouée */ + int ret; /* Bilan de l'opération */ + + data = slab; + + ret = munmap(data, slab_size); + + if (ret == -1) + LOG_ERROR_N("munmap"); + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* ALLOCATIONS ET LIBERATIONS */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type défini pour un allocateur en série d'objets depuis une même zone mémoire. */ +G_DEFINE_TYPE(GUMemSlice, g_umem_slice, G_TYPE_OBJECT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des allocateurs d'objets similaires. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_umem_slice_class_init(GUMemSliceClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_umem_slice_dispose; + object->finalize = (GObjectFinalizeFunc)g_umem_slice_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : slice = instance à initialiser. * +* * +* Description : Initialise une instance d'allocateur d'objets similaires. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_umem_slice_init(GUMemSlice *slice) +{ + slice->obj_size = 0; + + slice->slabs = NULL; + slice->last = NULL; + + +} + + +/****************************************************************************** +* * +* Paramètres : slice = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_umem_slice_dispose(GUMemSlice *slice) +{ + G_OBJECT_CLASS(g_umem_slice_parent_class)->dispose(G_OBJECT(slice)); + +} + + +/****************************************************************************** +* * +* Paramètres : slice = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_umem_slice_finalize(GUMemSlice *slice) +{ + slice_slab_info_t *slab; /* Slab à libérer entièrement */ + slice_slab_info_t *next; /* Slab suivant à traiter */ + + for (slab = slice->slabs; slab != NULL; slab = next) + { + if (slab->iter.next == NULL) + next = NULL; + else + next = (slice_slab_info_t *)(((uint8_t *)slab->iter.next) - sizeof(void *)); + + destroy_slice_slab(slab, SLAB_SIZE); + + } + + G_OBJECT_CLASS(g_umem_slice_parent_class)->finalize(G_OBJECT(slice)); + +} + + +/****************************************************************************** +* * +* Paramètres : size = taille des objets à allouer en mémoire. * +* * +* Description : Crée un allocateur dédié à la création de zones identiques. * +* * +* Retour : Allocateur mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GUMemSlice *g_umem_slice_new(size_t size) +{ + GUMemSlice *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_UMEM_SLICE, NULL); + + if (!g_umem_slice_create(result, size)) + g_clear_object(&result); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : slice = instance à initialiser pleinement. * +* size = taille des objets à allouer en mémoire. * +* * +* Description : Met en place un allocateur de zones identiques. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_umem_slice_create(GUMemSlice *slice, size_t size) +{ + bool result; /* Bilan à retourner */ + + result = true; + + slice->obj_size = size; + + slice->slabs = create_slice_slab(SLAB_SIZE, size); + slice->last = slice->slabs; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : slice = allocateur à manipuler. * +* * +* Description : Alloue une nouvelle zone de la taille attendue en mémoire. * +* * +* Retour : Adresse de la zone nouvellement disponible ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +void *g_umem_slice_alloc(GUMemSlice *slice) +{ + void *result; /* Allocation à retourner */ + slice_slab_info_t *slab; /* Slab concerné par l'opérat° */ + umem_slice_iter_t *iter; /* Tête d'écriture courante */ + + slab = slice->last; + + assert(slab != NULL); + + if (slab->iter.data_end == slab->data_max) + { + slice->last = create_slice_slab(SLAB_SIZE, slice->obj_size); + + slab->iter.next = &slice->last->iter; + + slab = slice->last; + + } + + iter = &slab->iter; + + result = iter->data_end; + + iter->data_end_ul += slice->obj_size; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : slice = allocateur à manipuler. * +* val = valeur de 64 bits à intégrer. * +* * +* Description : Mémorise un mot de 64 bits dans une nouvelle zone en mémoire.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_umem_slice_put_uint64(GUMemSlice *slice, uint64_t val) +{ + slice_slab_info_t *slab; /* Slab concerné par l'opérat° */ + + assert(slice->obj_size == sizeof(uint64_t)); + + slab = slice->last; + + assert(slab != NULL); + + if (slab->iter.data_end == slab->data_max) + { + slice->last = create_slice_slab(SLAB_SIZE, slice->obj_size); + + slab->iter.next = &slice->last->iter; + + slab = slice->last; + + } + + *slab->iter.data_end_uint64 = val; + + slab->iter.data_end_ul += slice->obj_size; + +} + + +/****************************************************************************** +* * +* Paramètres : slice = allocateur à consulter. * +* * +* Description : Fournit un itérateur pour les données allouées. * +* * +* Retour : Premier descripteur des données allouées. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const umem_slice_iter_t *g_umem_slice_get_iter(const GUMemSlice *slice) +{ + const umem_slice_iter_t *result; /* Pointeur à retourner */ + + result = &slice->slabs->iter; + + return result; + +} diff --git a/src/glibext/umemslice.h b/src/glibext/umemslice.h new file mode 100644 index 0000000..54b8433 --- /dev/null +++ b/src/glibext/umemslice.h @@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * umemslice.h - prototypes pour les allocations en série d'un même type d'objets + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _GLIBEXT_UMEMSLICE_H +#define _GLIBEXT_UMEMSLICE_H + + +#include <glib-object.h> +#include <stdint.h> + + + +#define G_TYPE_UMEM_SLICE g_umem_slice_get_type() +#define G_UMEM_SLICE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_UMEM_SLICE, GUMemSlice)) +#define G_IS_UMEM_SLICE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_UMEM_SLICE)) +#define G_UMEM_SLICE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_UMEM_SLICE, GUMemSliceClass)) +#define G_IS_UMEM_SLICE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_UMEM_SLICE)) +#define G_UMEM_SLICE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_UMEM_SLICE, GUMemSliceClass)) + + +/* Allocateur s'appuyant sur des séries d'objets de même type (instance) */ +typedef struct _GUMemSlice GUMemSlice; + +/* Allocateur s'appuyant sur des séries d'objets de même type (classe) */ +typedef struct _GUMemSliceClass GUMemSliceClass; + + +/* Indique le type défini pour un allocateur en série d'objets depuis une même zone mémoire. */ +GType g_umem_slice_get_type(void); + +/* Crée un allocateur dédié à la création de zones identiques. */ +GUMemSlice *g_umem_slice_new(size_t); + +/* Alloue une nouvelle zone de la taille attendue en mémoire. */ +void *g_umem_slice_alloc(GUMemSlice *); + +/* Mémorise un mot de 64 bits dans une nouvelle zone en mémoire. */ +void g_umem_slice_put_uint64(GUMemSlice *, uint64_t); + +/* Itérateur pour tranches de mémoire */ +typedef struct _umem_slice_iter_t +{ + union + { + void *data_end; /* Première zone libre */ + uint64_t *data_end_uint64; + unsigned long data_end_ul; + }; + struct _umem_slice_iter_t *next; /* Lien vers tranche suivante */ + + void *data[0]; /* Accès au premier élément */ + +} umem_slice_iter_t; + +/* Fournit un itérateur pour les données allouées. */ +const umem_slice_iter_t *g_umem_slice_get_iter(const GUMemSlice *); + + + +#endif /* _GLIBEXT_UMEMSLICE_H */ diff --git a/src/glibext/widthtracker.c b/src/glibext/widthtracker.c index eba30c1..bfeb32c 100644 --- a/src/glibext/widthtracker.c +++ b/src/glibext/widthtracker.c @@ -1095,8 +1095,8 @@ void g_width_tracker_update_deleted(GWidthTracker *tracker, size_t start, size_t void g_width_tracker_build_initial_cache(GWidthTracker *tracker, wgroup_id_t gid, GtkStatusStack *status) { guint runs_count; /* Qté d'exécutions parallèles */ - GWidthUpdate **updates; /* Mesures à suivre */ size_t run_size; /* Volume réparti par exécution*/ + GWidthUpdate **updates; /* Mesures à suivre */ GWorkQueue *queue; /* Gestionnaire de différés */ activity_id_t id; /* Identifiant de progression */ guint i; /* Boucle de parcours */ diff --git a/src/gui/core/core.c b/src/gui/core/core.c index c68b917..6bebfe2 100644 --- a/src/gui/core/core.c +++ b/src/gui/core/core.c @@ -32,7 +32,6 @@ #include "../menus/view.h" #include "../panels/welcome.h" #include "../../core/params.h" -#include "../../glibext/linesegment.h" #include "../../gtkext/tiledgrid.h" @@ -199,8 +198,6 @@ bool complete_loading_of_all_gui_components(GGenConfig *config) void unload_all_gui_components(void) { - exit_segment_content_hash_table(); - unload_all_themes(); } @@ -484,8 +484,6 @@ int main(int argc, char **argv) remember_gtypes_for_leaks(); #endif - exit_all_plugins(); - #ifdef INCLUDE_GTK_SUPPORT if (!batch_mode) @@ -506,6 +504,8 @@ int main(int argc, char **argv) dump_remaining_gtypes(); #endif + exit_all_plugins(); + done: return result; diff --git a/src/plugins/dt.c b/src/plugins/dt.c index c476dde..d678637 100644 --- a/src/plugins/dt.c +++ b/src/plugins/dt.c @@ -204,6 +204,25 @@ static void g_dynamic_types_interface_init(GTypePluginClass *iface) static void g_dynamic_types_dispose(GDynamicTypes *types) { + size_t i; /* Boucle de parcours */ + type_dyn_info_t *info; /* Information à exploiter */ + gpointer g_class; /* Classe à oublier */ + + for (i = 0; i < types->count; i++) + { + info = types->info[i]; + + if (info->type != G_TYPE_INVALID) + { + g_class = g_type_class_peek(info->type); + g_type_class_unref(g_class); + + info->type = G_TYPE_INVALID; + + } + + } + G_OBJECT_CLASS(g_dynamic_types_parent_class)->dispose(G_OBJECT(types)); } @@ -223,6 +242,14 @@ static void g_dynamic_types_dispose(GDynamicTypes *types) static void g_dynamic_types_finalize(GDynamicTypes *types) { + size_t i; /* Boucle de parcours */ + + for (i = 0; i < types->count; i++) + free(types->info[i]); + + if (types->info != NULL) + free(types->info); + G_OBJECT_CLASS(g_dynamic_types_parent_class)->finalize(G_OBJECT(types)); } @@ -367,7 +394,7 @@ static type_dyn_info_t *g_dynamic_types_find(const GDynamicTypes *types, GType t * * * Description : Fournit un identifiant GLib pour un nouveau type. * * * -* Retour : identifiant d'un nouveau type valide, ou 0. * +* Retour : identifiant d'un nouveau type valide, ou G_TYPE_INVALID. * * * * Remarques : - * * * @@ -382,7 +409,7 @@ static GType g_dynamic_types_register_type(GDynamicTypes *types, GType parent, c result = g_type_register_dynamic(parent, name, G_TYPE_PLUGIN(types), 0); - if (result == 0) + if (result == G_TYPE_INVALID) goto exit; new = malloc(sizeof(type_dyn_info_t)); @@ -467,7 +494,7 @@ void exit_chrysalide_dynamic_types(void) * * * Description : Fournit un identifiant GLib pour un nouveau type. * * * -* Retour : Identifiant d'un nouveau type valide, ou 0. * +* Retour : Identifiant d'un nouveau type valide, ou G_TYPE_INVALID. * * * * Remarques : - * * * diff --git a/src/plugins/pglist.c b/src/plugins/pglist.c index bacb3ac..6b36d2f 100644 --- a/src/plugins/pglist.c +++ b/src/plugins/pglist.c @@ -35,6 +35,7 @@ #include <i18n.h> +#include "dt.h" #include "plugin-int.h" #include "../common/extstr.h" #include "../core/logs.h" @@ -75,11 +76,15 @@ static void on_plugin_ref_toggle(gpointer, GPluginModule *, gboolean); bool init_all_plugins(bool load) { + bool result; /* Bilan à retourner */ char *edir; /* Répertoire de base effectif */ char *env; /* Contenu environnemental */ char *saveptr; /* Sauvegarde pour parcours */ char *udir; /* Répertoire supplémentaire ? */ + result = init_chrysalide_dynamic_types(); + if (!result) goto exit; + g_rw_lock_init(&_pg_lock); edir = get_effective_directory_new(TDT_PLUGINS_LIB); @@ -102,7 +107,9 @@ bool init_all_plugins(bool load) if (load) load_remaning_plugins(); - return true; + exit: + + return result; } @@ -178,6 +185,8 @@ void exit_all_plugins(void) g_rw_lock_clear(&_pg_lock); + exit_chrysalide_dynamic_types(); + } @@ -342,6 +351,9 @@ void _register_plugin(GPluginModule *plugin) } + else + /* FIXME : leak(plugin); */; + } @@ -34,17 +34,19 @@ #include <i18n.h> - #include "gleak.h" #include "analysis/contents/file.h" +#include "analysis/scan/core.h" #include "analysis/scan/options.h" #include "analysis/scan/scanner.h" -#include "analysis/scan/patterns/backends/bitap.h" #include "analysis/scan/patterns/backends/acism.h" +#include "analysis/scan/patterns/backends/bitap.h" +#include "analysis/scan/patterns/backends/hyperscan.h" #include "core/core.h" #include "core/global.h" #include "core/logs.h" #include "core/paths.h" +#include "plugins/pglist.h" @@ -55,7 +57,7 @@ static void show_rost_help(const char *); static void show_rost_version(void); /* Récupère un contenu à traiter depuis l'entrée standard. */ -static void *get_input_data_from_stdin(void); +static void *get_input_data_from_stdin(size_t *); @@ -91,15 +93,22 @@ static void show_rost_help(const char *name) printf("\n"); - printf("\t-A --algorithm=name\tSelect one of the available algorithms for data: bitmap, acism (default: acsim).\n"); + printf("\t-A --algorithm=NAME\tSelect one of the available algorithms for data: acism, bitmap, hyperscan (default: acsim).\n"); printf("\t-C --check-only\t\tValidate the rule syntax without performing a scan (discard the file/dir argument).\n"); - printf("\t-j --print-json\t\tPrint matching strings in JSON format.\n"); - printf("\t-s --print-strings\tPrint matching strings.\n"); + printf("\t-j --print-json\t\tPrint matching strings in JSON format instead of simple text.\n"); + printf("\t-s --print-strings\tPrint matching strings (default text format only).\n"); printf("\t-S --print-stats\tPrint rules' statistics.\n"); + printf("\t-g --print-tags\t\tPrint tags linked to rules on match (default text format only).\n"); + printf("\t-t --tag=TAG\t\tPrint only matching rules tagged as TAG (default text format only).\n"); printf("\t-V --verbosity=level\tSet the log level (0 for all messages, %u for none).\n", LMT_COUNT); printf("\n"); + printf("\t--dump-modifiers\tList all registered modifiers for string patterns.\n"); + printf("\t--dump-namespaces\tExplore the root namespace with all its functions and sub-namespaces.\n"); + + printf("\n"); + free(tmp); } @@ -147,7 +156,7 @@ static void show_rost_version(void) /****************************************************************************** * * -* Paramètres : - * +* Paramètres : length = taille de la définition lue. [OUT] * * * * Description : Récupère un contenu à traiter depuis l'entrée standard. * * * @@ -157,23 +166,22 @@ static void show_rost_version(void) * * ******************************************************************************/ -static void *get_input_data_from_stdin(void) +static void *get_input_data_from_stdin(size_t *length) { char *result; /* Espace mémoire à retourner */ - size_t length; /* Taille de ce contenu */ ssize_t got; /* Quantité d'octets lus */ result = NULL; - length = 0; + *length = 0; #define ALLOC_SIZE 2048 while (true) { - result = realloc(result, (length + ALLOC_SIZE) * sizeof(char)); + result = realloc(result, (*length + ALLOC_SIZE) * sizeof(char)); - got = read(STDIN_FILENO, result + length, ALLOC_SIZE); + got = read(STDIN_FILENO, result + *length, ALLOC_SIZE); if (got == -1) { @@ -181,7 +189,7 @@ static void *get_input_data_from_stdin(void) goto exit_with_error; } - length += got; + *length += got; if (got < ALLOC_SIZE) break; @@ -219,12 +227,21 @@ int main(int argc, char **argv) bool show_version; /* Affichage de la version ? */ bool check_only; /* Validation uniquement */ LogMessageType verbosity; /* Niveau de filtre de message */ + bool dump_modifiers; /* Affichage des modificateurs */ + bool dump_namespaces; /* Affichage des fonctions */ GScanOptions *options; /* Options d'analyses */ int index; /* Indice d'argument */ int ret; /* Bilan d'un appel */ char *edir; /* Répertoire de base effectif */ + size_t mod_count; /* Quantité de modificateurs */ + char **modifiers; /* Liste de modificateurs */ + size_t i; /* Boucle de parcours */ + GScanNamespace *root_ns; /* Espace de noms ROST racine */ + size_t items_count; /* Quantité de modificateurs */ + char **items; /* Liste de modificateurs */ char *rules; /* Définition de règles */ char *target; /* Cible communiquée */ + size_t rule_length; /* Taille d'un contenu */ void *rule_content; /* Contenu à traduire */ GContentScanner *scanner; /* Encadrement d'une recherche */ GBinContent *content; /* Contenu à analyser */ @@ -232,6 +249,8 @@ int main(int argc, char **argv) sized_string_t padding; /* Bourrage pour le JSON */ bool full; /* Détailler l'affichage ? */ +#define LONG_ID(n) (0x40570000 | n) + static struct option long_options[] = { { "help", no_argument, NULL, 'h' }, { "version", no_argument, NULL, 'v' }, @@ -240,7 +259,11 @@ int main(int argc, char **argv) { "print-json", no_argument, NULL, 'j' }, { "print-strings", no_argument, NULL, 's' }, { "print-stats", no_argument, NULL, 'S' }, + { "print-tags", no_argument, NULL, 'g' }, + { "tag", required_argument, NULL, 't' }, { "verbosity", required_argument, NULL, 'V' }, + { "dump-modifiers", no_argument, NULL, LONG_ID(1) }, + { "dump-namespaces",no_argument, NULL, LONG_ID(2) }, { NULL, 0, NULL, 0 } }; @@ -252,7 +275,9 @@ int main(int argc, char **argv) show_version = false; check_only = false; - verbosity = LMT_INFO; + verbosity = LMT_COUNT; + dump_modifiers = false; + dump_namespaces = false; options = g_scan_options_new(); @@ -260,7 +285,7 @@ int main(int argc, char **argv) while (true) { - ret = getopt_long(argc, argv, "hvA:CjsSV:", long_options, &index); + ret = getopt_long(argc, argv, "hvA:CjsSgt:V:", long_options, &index); if (ret == -1) break; switch (ret) @@ -274,10 +299,12 @@ int main(int argc, char **argv) break; case 'A': - if (strcmp(optarg, "bitmap") == 0) - g_scan_options_set_backend_for_data(options, G_TYPE_BITAP_BACKEND); - else if (strcmp(optarg, "acism") == 0) + if (strcmp(optarg, "acism") == 0) g_scan_options_set_backend_for_data(options, G_TYPE_ACISM_BACKEND); + else if (strcmp(optarg, "bitmap") == 0) + g_scan_options_set_backend_for_data(options, G_TYPE_BITAP_BACKEND); + else if (strcmp(optarg, "hyperscan") == 0) + g_scan_options_set_backend_for_data(options, G_TYPE_HYPERSCAN_BACKEND); else g_scan_options_set_backend_for_data(options, G_TYPE_INVALID); break; @@ -299,20 +326,28 @@ int main(int argc, char **argv) g_scan_options_set_print_stats(options, true); break; + case 'g': + g_scan_options_set_print_tags(options, true); + break; + + case 't': + g_scan_options_select_tag(options, optarg); + break; + case 'V': verbosity = strtoul(optarg, NULL, 10); break; - } + case LONG_ID(1): + dump_modifiers = true; + break; - } + case LONG_ID(2): + dump_namespaces = true; + break; + + } - if ((check_only && (optind + 0) != argc && (optind + 1) != argc) - || (!check_only && (optind + 1) != argc && (optind + 2) != argc)) - { - printf("failed: check=%d optind=%d argc=%d\n", check_only, optind, argc); - show_rost_help(argv[0]); - goto done; } /* Actions de base */ @@ -355,8 +390,64 @@ int main(int argc, char **argv) set_log_verbosity(verbosity); - if (!load_all_core_components(true)) +#define CORE_COMPONENTS (ACC_SCAN_FEATURES) + + if (!load_core_components(CORE_COMPONENTS)) + goto done; + + /* + init_all_plugins(true); + */ + + if (dump_modifiers) + { + modifiers = list_all_scan_token_modifiers(&mod_count); + + for (i = 0; i < mod_count; i++) + { + printf("%s\n", modifiers[i]); + free(modifiers[i]); + } + + if (modifiers != NULL) + free(modifiers); + + result = EXIT_SUCCESS; + + } + + if (dump_namespaces) + { + root_ns = get_rost_root_namespace(); + + items = g_scan_namespace_explore(root_ns, &items_count); + + for (i = 0; i < items_count; i++) + { + printf("%s\n", items[i]); + free(items[i]); + } + + if (items != NULL) + free(items); + + result = EXIT_SUCCESS; + + g_object_unref(G_OBJECT(root_ns)); + + } + + if ((check_only && (optind + 0) != argc && (optind + 1) != argc) + || (!check_only && (optind + 1) != argc && (optind + 2) != argc)) + { + if (result == EXIT_FAILURE) + show_rost_help(argv[0]); goto done; + } + + /* Réinitialisation en cas de dump... */ + else + result = EXIT_FAILURE; /* Traitement des recherches */ @@ -393,11 +484,11 @@ int main(int argc, char **argv) if (rules == NULL) { - rule_content = get_input_data_from_stdin(); + rule_content = get_input_data_from_stdin(&rule_length); if (rule_content != NULL) { - scanner = g_content_scanner_new_from_text(rule_content); + scanner = g_content_scanner_new_from_text(rule_content, rule_length); free(rule_content); } else @@ -416,6 +507,7 @@ int main(int argc, char **argv) if (content == NULL) goto bad_file_content; context = g_content_scanner_analyze(scanner, options, content); + if (context == NULL) goto bad_scan_context; if (g_scan_options_get_print_json(options)) { @@ -434,28 +526,33 @@ int main(int argc, char **argv) } g_object_unref(G_OBJECT(context)); + + bad_scan_context: + g_object_unref(G_OBJECT(content)); bad_file_content: - g_object_unref(G_OBJECT(scanner)); - } + g_clear_object(&scanner); + g_object_unref(G_OBJECT(options)); /* Sortie */ - unload_all_core_components(false); - #ifdef TRACK_GOBJECT_LEAKS remember_gtypes_for_leaks(); #endif + unload_core_components(CORE_COMPONENTS); + #ifdef TRACK_GOBJECT_LEAKS dump_remaining_gtypes(); #endif + //exit_all_plugins(); + done: return result; diff --git a/tests/analysis/scan/functions.py b/tests/analysis/scan/functions.py index 96f029f..6aca957 100644 --- a/tests/analysis/scan/functions.py +++ b/tests/analysis/scan/functions.py @@ -9,6 +9,41 @@ class TestRostFunctions(RostTestClass): # Core # ==== + def testSetCounter(self): + """Count quantities and set sizes.""" + + rule = ''' +rule test { + + condition: + count("ABC") == 3 + and count("AB", "C") == count("ABC") + +} +''' + + self.check_rule_success(rule) + + + cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03') + + rule = ''' +rule test { + + bytes: + $int_01 = "\x01" + $int_02 = "\x02" + $int_3 = "\x03" + + condition: + count($int_0*, $int_3) == #int_* + +} +''' + + self.check_rule_success(rule, cnt) + + def testDatasize(self): """Handle the size of the provided data.""" @@ -33,6 +68,32 @@ rule test { self.check_rule_success(rule, cnt) + def testMaxCommon(self): + """Count the largest quantity of same items in a set.""" + + cnt = MemoryContent(b'') + + cases = [ + [ '1', 1 ], + [ '1, 2, 3', 1 ], + [ '1, 2, 1, 3, 1', 3 ], + [ '1, "a", 2, 3, "a"', 2 ], + ] + + for c, q in cases: + + rule = ''' +rule test { + + condition: + maxcommon(%s) == %u + +} +''' % (c, q) + + self.check_rule_success(rule, cnt) + + # Modules # ======= @@ -108,6 +169,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -119,6 +181,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -134,6 +197,19 @@ rule test { self.check_rule_success(rule) + rule = r''' +rule test { + + condition: + "A\x00B\x00C\x00D\x00" endswith string.wide("CD") + and "A\x00B\x00C\x00D\x00" contains string.wide("BC") + +} +''' + + self.check_rule_success(rule) + + def testTime(self): """Check current time.""" @@ -150,6 +226,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index 53227af..1b9b25b 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -108,3 +108,182 @@ rule test { ''' self.check_rule_failure(rule) + + + def testSelfReferencingRule(self): + """Expect only one argument for the not operator, even in debug mode.""" + + rule = ''' +rule test { + + condition: + not(0) + +} +''' + + self.check_rule_success(rule) + + + def testNoCommon(self): + """Handle the case where no common item is found from an empty set.""" + + rule = ''' +rule test { + + bytes: + $a = "a" + + condition: + maxcommon($a) == 0 + +} +''' + + self.check_rule_success(rule) + + + def testAAsAcharacter(self): + """Consider the 'a' character as a valid lowercase character.""" + + rule = ''' +rule test { + + bytes: + $a = "0000a0I0" nocase + + condition: + $a + +} +''' + + self.check_rule_failure(rule) + + + def testAAsAcharacter(self): + """Do not expect initialized trackers when there is no real defined search pattern.""" + + rule = ''' +rule test { + + bytes: + $a = {[0]} + + condition: + $a + +} +''' + + with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'): + + scanner = ContentScanner(rule) + + + def testAllocations(self): + """Handle big alloctions for strings in conditions with regular expressions.""" + + rule = ''' +rule test { + + condition: + "%s" == "%s" + +} +''' % ("0" * (256 * 2 + 8), "0" * (256 * 2 + 8)) + + self.check_rule_success(rule) + + + def testFileFinalAccess(self): + """Ensure patterns found at the edges of scanned content do not crash the scanner.""" + + cnt = MemoryContent(bytes([ 0 for i in range(16) ])) + + rule = ''' +rule test { + + bytes: + $a = { 00 00 00 00 00 00 00 00 } + + condition: + $a + +} +''' + + self.check_rule_success(rule, cnt) + + + def testValidHexRangeMerge(self): + """Merge valid hexadecimal ranges.""" + + rule = ''' +rule test { + + bytes: + $a = { [0] ?? } + + condition: + $a + +} +''' + + with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'): + + scanner = ContentScanner(rule) + + + rule = ''' +rule test { + + bytes: + $a = { [2] ?? } + + condition: + $a + +} +''' + + self.check_rule_failure(rule) + + + def testSmallBase64(self): + """Handle small base64 encodings which may produce few patterns.""" + + rule = ''' +rule test { + + bytes: + $a = "0" base64 + + condition: + $a + +} +''' + + self.check_rule_failure(rule) + + + def testCountIndex(self): + """Ban pattern count indexes from the grammer.""" + + rule = ''' +rule test { + + bytes: + $a = "1" + + condition: + #*[0] + +} +''' + + with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'): + + scanner = ContentScanner(rule) diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py index 13a255b..14f67fa 100644 --- a/tests/analysis/scan/grammar.py +++ b/tests/analysis/scan/grammar.py @@ -2,6 +2,7 @@ import json from common import RostTestClass +from pychrysalide.analysis.contents import MemoryContent class TestRostGrammar(RostTestClass): @@ -250,6 +251,232 @@ rule test { self.check_rule_failure(rule) + def testMatchCount(self): + """Ensure match count provides expected values.""" + + cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03') + + rule = ''' +rule test { + + bytes: + $int_01 = "\x01" + $int_02 = "\x02" + $int_03 = "\x03" + + condition: + #int_01 == count($int_01) and #int_01 == 1 + and #int_02 == count($int_02) and #int_02 == 2 + and #int_03 == count($int_03) and #int_03 == 3 + and #int_0* == count($int_0*) and #int_0* == 6 + +} +''' + + self.check_rule_success(rule, cnt) + + + def testBackingUpHandlers(self): + """Ensure handlers for backing up removals do not limit the grammar.""" + + cnt = MemoryContent(b'AB12') + + # Uncompleted token in rule definition: '?? ?? ' + + rule = ''' +rule test { + + bytes: + $a = { ?? ?? } + + condition: + #a == 3 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?? ' + + rule = ''' +rule test { + + bytes: + $a = { ?? 4? } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?? ?' + + rule = ''' +rule test { + + bytes: + $a = { ?? ?2 } + + condition: + #a == 2 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?? ' + + rule = ''' +rule test { + + bytes: + $a = { ?? 42 } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + + # Uncompleted token in rule definition: '?1 ?' + + rule = ''' +rule test { + + bytes: + $a = { ?1 ?? } + + condition: + #a == 2 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?1 4? ' + + rule = ''' +rule test { + + bytes: + $a = { ?1 4? } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?1 ?2 ' + + rule = ''' +rule test { + + bytes: + $a = { ?1 ?2 } + + condition: + #a == 2 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '?1 4' + + rule = ''' +rule test { + + bytes: + $a = { ?1 42 } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + + # Uncompleted token in rule definition: '41 ' + + rule = ''' +rule test { + + bytes: + $a = { 41 ?? } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '41 4' + + rule = ''' +rule test { + + bytes: + $a = { 41 4? } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '41 ' + + rule = ''' +rule test { + + bytes: + $a = { 41 ?2 } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + # Uncompleted token in rule definition: '41 42 ' + + rule = ''' +rule test { + + bytes: + $a = { 41 42 } + + condition: + #a == 1 + +} +''' + + self.check_rule_success(rule, content=cnt) + + + # TODO : test <haystack> matches <regex> diff --git a/tests/analysis/scan/matches.py b/tests/analysis/scan/matches.py index 0d7556e..efcae4f 100644 --- a/tests/analysis/scan/matches.py +++ b/tests/analysis/scan/matches.py @@ -7,14 +7,14 @@ class TestRostMatchs(RostTestClass): """TestCases for the ROST pattern matching engine.""" def testCountMatches(self): - """Count matches patterns.""" + """Count matched patterns.""" cnt = MemoryContent(b'aaa aaa bbb aaa') rule = ''' rule test { - strings: + bytes: $a = "aaa" $b = "bbb" @@ -25,3 +25,40 @@ rule test { ''' self.check_rule_success(rule, cnt) + + + def testCountSameMatches(self): + """Count matches of similar patterns.""" + + cnt = MemoryContent(b'ABCDabcdABCDabcd') + + rule = ''' +rule test { + + bytes: + $a = "\x61\x62\x63\x64" + $b = "\x61\x62\x63\x64" + + condition: + #a == 2 and #b == 2 + +} +''' + + self.check_rule_success(rule, cnt) + + + rule = ''' +rule test { + + bytes: + $a = "\x61\x62\x63\x64" + $b = "\x61\x62\x63" + + condition: + #a == 2 and #b == 2 + +} +''' + + self.check_rule_success(rule, cnt) diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py index 4b066f3..7a697b3 100644 --- a/tests/analysis/scan/pyapi.py +++ b/tests/analysis/scan/pyapi.py @@ -1,5 +1,6 @@ import binascii +import struct from chrysacase import ChrysalideTestCase from gi._constants import TYPE_INVALID @@ -34,7 +35,7 @@ class TestRostPythonAPI(ChrysalideTestCase): class StrLenExpr(ScanExpression): def __init__(self, value): - super().__init__(ScanExpression.ExprValueType.STRING) + super().__init__(ScanExpression.ScanReductionState.REDUCED) self._value = value def _cmp_rich(self, other, op): @@ -73,6 +74,7 @@ class TestRostPythonAPI(ChrysalideTestCase): self.assertEqual(source, transformed[0]) + mod = find_token_modifiers_for_name('hex') self.assertIsNotNone(mod) @@ -81,6 +83,7 @@ class TestRostPythonAPI(ChrysalideTestCase): self.assertEqual(binascii.hexlify(source), transformed[0]) + mod = find_token_modifiers_for_name('rev') self.assertIsNotNone(mod) @@ -88,3 +91,207 @@ class TestRostPythonAPI(ChrysalideTestCase): transformed = mod.transform(source) self.assertEqual(source[::-1], transformed[0]) + + + mod = find_token_modifiers_for_name('lower') + self.assertIsNotNone(mod) + + source = b'AbC' + transformed = mod.transform(source) + + self.assertEqual(source.lower(), transformed[0]) + + + mod = find_token_modifiers_for_name('upper') + self.assertIsNotNone(mod) + + source = b'AbC' + transformed = mod.transform(source) + + self.assertEqual(source.upper(), transformed[0]) + + + mod = find_token_modifiers_for_name('wide') + self.assertIsNotNone(mod) + + source = b'ABC' + transformed = mod.transform(source) + + self.assertEqual(source.decode('ascii'), transformed[0].decode('utf-16-le')) + + + mod = find_token_modifiers_for_name('base64') + self.assertIsNotNone(mod) + + source = b'ABC' + transformed = mod.transform(source) + + self.assertEqual(len(transformed), 3) + self.assertEqual(transformed[0], b'QUJD') + self.assertEqual(transformed[1], b'FCQ') + self.assertEqual(transformed[2], b'BQk') + + + def testClassicalAPIHashing(self): + """Reproduce classical API Hashing results.""" + + def b2i(t): + return struct.unpack('<I', t)[0] + + + # Example: + # - PlugX (2020) - https://vms.drweb.fr/virus/?i=21512304 + + mod = find_token_modifiers_for_name('crc32') + self.assertIsNotNone(mod) + + source = b'GetCurrentProcess\x00' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x3690e66) + + + # Example: + # - GuLoader (2020) - https://www.crowdstrike.com/blog/guloader-malware-analysis/ + + mod = find_token_modifiers_for_name('djb2') + self.assertIsNotNone(mod) + + source = b'GetProcAddress' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0xcf31bb1f) + + + def testCustomAPIHashing(self): + """Reproduce custom API Hashing results.""" + + def b2i(t): + return struct.unpack('<I', t)[0] + + + # Example: + # Underminer Exploit Kit (2019) - https://jsac.jpcert.or.jp/archive/2019/pdf/JSAC2019_1_koike-nakajima_jp.pdf + + mod = find_token_modifiers_for_name('add1505-shl5') + self.assertIsNotNone(mod) + + source = b'LoadLibraryA' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x5fbff0fb) + + + # Example: + # Enigma Stealer (2023) https://www.trendmicro.com/es_mx/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html + + mod = find_token_modifiers_for_name('enigma-murmur') + self.assertIsNotNone(mod) + + source = b'CreateMutexW' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0xfd43765a) + + + # Examples: + # - ShadowHammer (2019) - https://blog.f-secure.com/analysis-shadowhammer-asus-attack-first-stage-payload/ + # - ShadowHammer (2019) - https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/ + + mod = find_token_modifiers_for_name('imul21-add') + self.assertIsNotNone(mod) + + source = b'VirtualAlloc' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0xdf894b12) + + + # Examples: + # - Bottle Exploit Kit (2019) - https://nao-sec.org/2019/12/say-hello-to-bottle-exploit-kit.html + # - ShadowHammer (2019) - https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/ + + mod = find_token_modifiers_for_name('imul83-add') + self.assertIsNotNone(mod) + + source = b'GetProcAddress' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x9ab9b854) + + + # Examples: + # - ?? (2021) - https://www.threatspike.com/blogs/reflective-dll-injection + # - Mustang Panda (2022) - https://blog.talosintelligence.com/mustang-panda-targets-europe/ + + mod = find_token_modifiers_for_name('ror13') + self.assertIsNotNone(mod) + + source = b'GetProcAddress' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x7c0dfcaa) + + source = b'VirtualAlloc' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x91afca54) + + + # Example: + # - Energetic Bear (2019) - https://insights.sei.cmu.edu/blog/api-hashing-tool-imagine-that/ + + mod = find_token_modifiers_for_name('sll1-add-hash32') + self.assertIsNotNone(mod) + + source = b'LoadLibraryA' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x000d5786) + + + # Example: + # - SideWinder/WarHawk (2022) - https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group + + mod = find_token_modifiers_for_name('sub42') + self.assertIsNotNone(mod) + + source = b'LoadLibraryA' + transformed = mod.transform(source) + + self.assertEqual(transformed[0], b'\x8e\xb1\xa3\xa6\x8e\xab\xa4\xb4\xa3\xb4\xbb\x83') + + + # Example: + # - TrickBot (2021) - https://medium.com/walmartglobaltech/trickbot-crews-new-cobaltstrike-loader-32c72b78e81c + + mod = find_token_modifiers_for_name('sub-index1') + self.assertIsNotNone(mod) + + source = b'raw.githubusercontent.com' + transformed = mod.transform(source) + + self.assertEqual(transformed[0], b'\x73\x63\x7a\x32\x6c\x6f\x7b\x70\x7e\x6c\x80\x7f\x72\x80\x72\x7f\x7f\x86\x78\x82\x89\x44\x7a\x87\x86') + + + def testBytePatternModifiersAPI(self): + """Validate the API for pattern modifiers.""" + + mod = find_token_modifiers_for_name('plain') + self.assertIsNotNone(mod) + + source = [ b'ABC', b'01234' ] + transformed = mod.transform(source) + + self.assertEqual(len(source), len(transformed)) + self.assertEqual(source[0], transformed[0]) + self.assertEqual(source[1], transformed[1]) + + + mod = find_token_modifiers_for_name('xor') + self.assertIsNotNone(mod) + + source = [ b'ABC' ] + transformed = mod.transform(source, 0x20) + + self.assertEqual(transformed[0], b'abc') diff --git a/tests/analysis/scan/scanning_hex.py b/tests/analysis/scan/scanning_hex.py index 32979c8..4b0fda4 100644 --- a/tests/analysis/scan/scanning_hex.py +++ b/tests/analysis/scan/scanning_hex.py @@ -14,7 +14,7 @@ class TestRostScanningBinary(RostTestClass): rule = ''' rule test { - strings: + bytes: $a = { 41 } condition: @@ -31,7 +31,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 62 } condition: @@ -48,7 +48,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 66 } condition: @@ -65,7 +65,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?1 } condition: @@ -82,7 +82,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?2 } condition: @@ -99,7 +99,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?6 } condition: @@ -111,7 +111,7 @@ rule test { self.check_rule_success(rule, content=cnt) - def testLonelyPatternsNot(self): + def ___testLonelyPatternsNot(self): """Evaluate the most simple patterns (not version).""" cnt = MemoryContent(b'Abcdef') @@ -119,7 +119,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~41 } condition: @@ -136,7 +136,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~62 } condition: @@ -153,7 +153,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~66 } condition: @@ -170,7 +170,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~?1 } condition: @@ -187,7 +187,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~?2 } condition: @@ -204,7 +204,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ~?6 } condition: @@ -224,7 +224,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 41 62 63 } condition: @@ -241,7 +241,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 2d 41 62 63 } condition: @@ -261,7 +261,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?1 6? ?3 } condition: @@ -281,7 +281,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 41 6? ?3 } condition: @@ -298,7 +298,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 4? 62 ?3 } condition: @@ -315,7 +315,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 4? ?2 63 } condition: @@ -332,7 +332,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 4? ?2 ?3 } condition: @@ -349,7 +349,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 2d 4? ?2 63 } condition: @@ -366,7 +366,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 2d 4? 62 ?3 2d } condition: @@ -383,7 +383,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 2? 41 6? 63 ?d } condition: @@ -403,7 +403,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 33 ?? 41 ?? 63 ?? 34 } condition: @@ -420,7 +420,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? 33 ?? 41 ?? 63 ?? 34 ?? } condition: @@ -437,7 +437,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? 33 [1-5] 63 ?? 34 ?? } condition: @@ -454,7 +454,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { [3-4] 41 ?? 63 ?? 34 ?? } condition: @@ -471,7 +471,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? 33 ?? 41 ?? 63 [3-] } condition: @@ -491,7 +491,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?3 ?? 4? ?? 6? ?? ?4 } condition: @@ -508,7 +508,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? ?3 ?? 4? ?? 6? ?? ?4 ?? } condition: @@ -525,7 +525,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? ?3 [1-5] ?3 ?? ?4 ?? } condition: @@ -542,7 +542,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { [3-4] ?1 ?? ?3 ?? ?4 ?? } condition: @@ -559,7 +559,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ?? 3? ?? 4? ?? 6? [3-] } condition: @@ -579,7 +579,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 41 62 ( 63 | 64 | 65 ) } condition: @@ -596,7 +596,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ( 41 | f2 | f3 ) 62 63 } condition: @@ -613,7 +613,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 41 ( 61 | 62 | 63 ) 63 } condition: @@ -630,7 +630,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ( 41 62 63 | 42 62 63 | 43 62 63 ) } condition: @@ -643,14 +643,14 @@ rule test { def testPipedMaskedHexPatterns(self): - """Look for several patterns at once with piped definition.""" + """Look for several patterns at once with piped and masked definition.""" cnt = MemoryContent(b'123-Abc-456') rule = ''' rule test { - strings: + bytes: $a = { 4? 6? ( ?3 | ?4 | ?5 ) } condition: @@ -667,11 +667,11 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { ( ?1 | ?2 | ?3 ) 6? 6? } condition: - console.log("COUNTER: ", #a) and #a == 1 and @a[0] == 4 and !a[0] == 3 + #a == 1 and @a[0] == 4 and !a[0] == 3 } ''' @@ -684,7 +684,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = { 4? ( ?1 | ?2 | ?3 ) 6? } condition: @@ -696,12 +696,15 @@ rule test { self.check_rule_success(rule, content=cnt) + def testDuplicatedResultsFiltering(self): + """Filter duplicated results.""" + cnt = MemoryContent(b'123-Abc-456') rule = ''' rule test { - strings: + bytes: $a = { ( 4? ?2 ?3 | 4? 6? 6? | ?3 6? ?3 ) } condition: diff --git a/tests/analysis/scan/scanning_str.py b/tests/analysis/scan/scanning_str.py index ff36ca3..75427a7 100644 --- a/tests/analysis/scan/scanning_str.py +++ b/tests/analysis/scan/scanning_str.py @@ -14,7 +14,7 @@ class TestRostScanningStrings(RostTestClass): rule = ''' rule test { - strings: + bytes: $a = "Abc" condition: @@ -34,7 +34,7 @@ rule test { rule = r''' rule test { - strings: + bytes: $a = "\a\b\t\n\v\f\r\e\"\\\xff" condition: @@ -51,7 +51,7 @@ rule test { rule = r''' rule test { - strings: + bytes: $a = "\a\b\t\n--123--\v\f\r\e\"\\\xff" condition: @@ -71,7 +71,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "ABC" hex condition: @@ -88,7 +88,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "ABC" plain condition: @@ -105,7 +105,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "ABC" rev condition: @@ -123,7 +123,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "DEF" fullword $b = "123" fullword @@ -141,7 +141,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "DEF" fullword $b = "123" fullword @@ -159,7 +159,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "DEF" fullword $b = "123" fullword @@ -180,7 +180,7 @@ rule test { rule = ''' rule test { - strings: + bytes: $a = "Abc" nocase $b = "ABC123DEF456GHI" nocase $z = "z0z1z2z3z4z5z6z7z8z9" nocase diff --git a/tests/common/bitfield.py b/tests/common/bitfield.py index aff5de6..75dfb6e 100644 --- a/tests/common/bitfield.py +++ b/tests/common/bitfield.py @@ -231,6 +231,35 @@ class TestBitFields(ChrysalideTestCase): self.assertNotEqual(bf_a, bf_b) + def testSearchOfSetBit(self): + """Find the next set bit in a bit field.""" + + size = 128 + bf = BitField(size, 0) + + bits = [ 0, 1, 50, 63, 64, 65, 111 ] + + for b in bits: + bf.set(b, 1) + + prev = None + found = [] + + while prev is None or prev < size: + + if prev is None: + f = bf.find_next_set() + else: + f = bf.find_next_set(prev) + + if f < size: + found.append(f) + + prev = f + + self.assertEqual(found, bits) + + def testRealCase00(self): """Test bits in bitfields against other bitfields in a real case (#02).""" diff --git a/tests/plugins/encodings/all.py b/tests/plugins/encodings/all.py new file mode 100644 index 0000000..a856ccb --- /dev/null +++ b/tests/plugins/encodings/all.py @@ -0,0 +1,23 @@ + +from chrysacase import ChrysalideTestCase +from pychrysalide.plugins import encodings + +import base64 + + +class TestEncodingsModule(ChrysalideTestCase): + """TestCase for encodings plugin.""" + + def testBase64Encoding(self): + """Validate the base64 implementation.""" + + text = '0123456789abcdef' + + for i in range(len(text) + 1): + + src = text[:i].encode('ascii') + + encoded = encodings.base64_encode(src) + ref = base64.b64encode(src) + + self.assertEqual(encoded, ref) diff --git a/tests/plugins/kaitai/__init__.py b/tests/plugins/kaitai/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/plugins/kaitai/__init__.py diff --git a/tests/plugins/kaitai/language.py b/tests/plugins/kaitai/language.py index b1e8881..43b6185 100644 --- a/tests/plugins/kaitai/language.py +++ b/tests/plugins/kaitai/language.py @@ -1312,8 +1312,8 @@ instances: self.assertEqual(parsed.result_0.value.value, b'\x01\x02\x03\x04\x05\x06\x07\x08\x09') - self.assertEqual(type(parsed.result_1).__name__, 'RecordValue') # result_1 - self.assertEqual(type(parsed.result_1.value).__name__, 'RecordValue') # result_1.ref + self.assertEqual(type(parsed.result_1).__name__, 'RecordDelayed') # result_1 + self.assertEqual(type(parsed.result_1.value).__name__, 'RecordDelayed') # result_1.ref self.assertEqual(type(parsed.result_1.value.value).__name__, 'RecordList') # result_1.ref.table self.assertEqual(parsed.result_1.value.value[3].value, 0x04) diff --git a/tests/plugins/kaitai/rost.py b/tests/plugins/kaitai/rost.py new file mode 100644 index 0000000..4a29ef8 --- /dev/null +++ b/tests/plugins/kaitai/rost.py @@ -0,0 +1,170 @@ +#!/usr/bin/python3-dbg +# -*- coding: utf-8 -*- + +import locale + +from chrysacase import ChrysalideTestCase +from pychrysalide.analysis.contents import MemoryContent +from pychrysalide.analysis.scan import ContentScanner +from pychrysalide.analysis.scan import ScanOptions +from pychrysalide.analysis.scan.patterns.backends import AcismBackend +from pychrysalide import core +from pychrysalide.plugins.kaitai.parsers import KaitaiStruct +from pychrysalide.plugins.kaitai.rost import KaitaiTrigger + + +class TestScansWithKaitai(ChrysalideTestCase): + """TestCase for ROST scan with the KaitaiStruct parsing.""" + + @classmethod + def setUpClass(cls): + + super(TestScansWithKaitai, cls).setUpClass() + + cls._options = ScanOptions() + cls._options.backend_for_data = AcismBackend + + + def testSimpleKaitaiDefinitionForScanning(self): + """Rely on basic Kaitai simple definition for scanning.""" + + definitions = ''' +meta: + id: basic_test +seq: + - id: field0 + type: u1 +''' + + kstruct = KaitaiStruct(definitions) + + trigger = KaitaiTrigger(kstruct) + + root_ns = core.get_rost_root_namespace() + + ns = root_ns.resolve('kaitai') + ns.register_item(trigger) + + ns = ns.resolve('basic_test') + self.assertEqual(ns, trigger) + + cnt = MemoryContent(b'\x01\x02\x03') + + rule = ''' +rule testing { + + condition: + kaitai.basic_test.field0 == 1 + +} +''' + + scanner = ContentScanner(rule) + ctx = scanner.analyze(self._options, cnt) + + self.assertIsNotNone(ctx) + + self.assertFalse(ctx.has_match_for_rule('no_such_rule')) + + self.assertTrue(ctx.has_match_for_rule('testing')) + + + definitions = ''' +meta: + id: other_basic_test +seq: + - id: field0 + type: u1 + - id: field1 + type: u1 +''' + + kstruct = KaitaiStruct(definitions) + + trigger = KaitaiTrigger(kstruct) + + root_ns = core.get_rost_root_namespace() + + ns = root_ns.resolve('kaitai') + ns.register_item(trigger) + + ns = ns.resolve('other_basic_test') + self.assertEqual(ns, trigger) + + cnt = MemoryContent(b'\x01\x02\x03') + + rule = ''' +rule testing { + + condition: + kaitai.other_basic_test.field0 == 1 and kaitai.other_basic_test.field1 == 2 + +} +''' + + scanner = ContentScanner(rule) + ctx = scanner.analyze(self._options, cnt) + + self.assertIsNotNone(ctx) + + self.assertTrue(ctx.has_match_for_rule('testing')) + + + rule = ''' +rule testing { + + condition: + kaitai.other_basic_test.field0 == 1 and kaitai.other_basic_testXXXX.field1 == 2 + +} +''' + + scanner = ContentScanner(rule) + ctx = scanner.analyze(self._options, cnt) + + self.assertIsNotNone(ctx) + + self.assertFalse(ctx.has_match_for_rule('testing')) + + + def testKaitaiDefinitionWithListForScanning(self): + """Access list items from Kaitai definition when scanning with ROST.""" + + definitions = ''' +meta: + id: test_with_list +seq: + - id: field0 + type: u1 + repeat: eos +''' + + kstruct = KaitaiStruct(definitions) + + trigger = KaitaiTrigger(kstruct) + + root_ns = core.get_rost_root_namespace() + + ns = root_ns.resolve('kaitai') + ns.register_item(trigger) + + ns = ns.resolve('test_with_list') + self.assertEqual(ns, trigger) + + cnt = MemoryContent(b'\x01\x02\x03') + + rule = ''' +rule testing { + + condition: + kaitai.test_with_list.field0[0] == 1 and kaitai.test_with_list.field0[1] == 2 and kaitai.test_with_list.field0[2] == 3 + +} +''' + + scanner = ContentScanner(rule) + ctx = scanner.analyze(self._options, cnt) + + self.assertIsNotNone(ctx) + + self.assertTrue(ctx.has_match_for_rule('testing')) diff --git a/tools/fuzzing/rost/Makefile.am b/tools/fuzzing/rost/Makefile.am new file mode 100644 index 0000000..81e126f --- /dev/null +++ b/tools/fuzzing/rost/Makefile.am @@ -0,0 +1,14 @@ + +bin_PROGRAMS = fast-rost + + +AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/src + +# EXTRA_rost_DEPENDENCIES = libchrysacore.la + +fast_rost_SOURCES = \ + fast-rost.c + +fast_rost_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) + +fast_rost_LDFLAGS = $(LIBGOBJ_LIBS) -L$(top_srcdir)/src/.libs -lchrysacore diff --git a/tools/fuzzing/rost/convert.py b/tools/fuzzing/rost/convert.py new file mode 100644 index 0000000..b0ed90c --- /dev/null +++ b/tools/fuzzing/rost/convert.py @@ -0,0 +1,452 @@ + +import re +import sys + + +def define_PLAIN_TEXT(name, last): + """Create definition for the PLAIN_TEXT token.""" + + print(' "<%s>": [ ["\\\"", "<str_not_escaped>", "\\\""] ],' % name.lower()) + print(' "<str_not_escaped>": [ ["<char>"], ["<char>", "<char>"], ["<char>", "<char>", "<char>"] ],') + print(' "<char>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"], ["A"], ["B"], ["C"], ["D"], ["E"], ["F"] ]%s' % (',' if not(last) else '')) + + +def define_IDENTIFIER(name, last): + """Create definition for the RULE_IDENTIFIER token.""" + + print(' "<%s>": [ [ "<id>", "<id>", "<id>", "<idx>" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_SIGNED_INTEGER(name, last): + """Create definition for the SIGNED_INTEGER token.""" + + print(' "<%s>": [ ["-", "<unsigned_integer>"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +def define_UNSIGNED_INTEGER(name, last): + """Create definition for the UNSIGNED_INTEGER token.""" + + print(' "<%s>": [ ["<fnumber>"], ["<number>", "<fnumber>"], ["<number>", "<fnumber>", "<fnumber>"] ],' % name.lower()) + print(' "<number>": [ ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ],') + print(' "<fnumber>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_BYTES_ID(name, last): + """Create definition for the BYTES_ID token.""" + + print(' "<%s>": [ ["$"], ["$*"], [ "$", "<id>", "<idx>" ], [ "$", "<id>", "*" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_BYTES_ID_COUNTER(name, last): + """Create definition for the BYTES_ID_COUNTER token.""" + + print(' "<%s>": [ ["#"], ["#*"], [ "#", "<id>", "<idx>" ], [ "#", "<id>", "*" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_BYTES_ID_START(name, last): + """Create definition for the BYTES_ID_START token.""" + + print(' "<%s>": [ ["@"], ["@*"], [ "@", "<id>", "<idx>" ], [ "@", "<id>", "*" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_BYTES_ID_LENGTH(name, last): + """Create definition for the BYTES_ID_LENGTH token.""" + + print(' "<%s>": [ ["!"], ["!*"], [ "!", "<id>", "<idx>" ], [ "!", "<id>", "*" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_BYTES_ID_END(name, last): + """Create definition for the BYTES_ID_END token.""" + + print(' "<%s>": [ ["~"], ["~*"], [ "~", "<id>", "<idx>" ], [ "~", "<id>", "*" ] ],' % name.lower()) + print(' "<id>": [ ["a"], ["b"], ["c"], ["d"], ["e"], ["f"], ["g"], ["h"], ["i"], ["j"], ["k"], ["l"] ],') + print(' "<idx>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"] ]%s' % (',' if not(last) else '')) + + +def define_HEX_BYTES(name, last): + """Create definition for the HEX_BYTES token.""" + + print(' "<%s>": [ ["<hex>", "<hex>"] ],' % name.lower()) + print(' "<hex>": [ ["0"], ["1"], ["2"], ["3"], ["4"], ["5"], ["6"], ["7"], ["8"], ["9"], ["a"], ["b"], ["c"], ["d"], ["e"], ["f"] ]%s' % (',' if not(last) else '')) + + +def define_FULL_MASK(name, last): + """Create definition for the FULL_MASK token.""" + + print(' "<%s>": [ ["?", "?"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +def define_SEMI_MASK(name, last): + """Create definition for the SEMI_MASK token.""" + + print(' "<%s>": [ ["?0"], ["1?"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +def define_KB(name, last): + """Create definition for the KB token.""" + + print(' "<%s>": [ ["kb"], ["Kb"], ["kB"], ["KB"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +def define_MB(name, last): + """Create definition for the MB token.""" + + print(' "<%s>": [ ["mb"], ["Mb"], ["mB"], ["MB"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +def define_GB(name, last): + """Create definition for the GB token.""" + + print(' "<%s>": [ ["gb"], ["Gb"], ["gB"], ["GB"] ]%s' % (name.lower(), ',' if not(last) else '')) + + +__lexer_tokens = { + 'PLAIN_TEXT': define_PLAIN_TEXT, + 'ESCAPED_TEXT': define_PLAIN_TEXT, + 'RULE_IDENTIFIER': define_IDENTIFIER, + 'INFO_KEY': define_PLAIN_TEXT, + 'SIGNED_INTEGER': define_SIGNED_INTEGER, + 'UNSIGNED_INTEGER': define_UNSIGNED_INTEGER, + + 'BYTES_ID': define_BYTES_ID, + 'BYTES_FUZZY_ID': define_BYTES_ID, + 'BYTES_ID_COUNTER': define_BYTES_ID_COUNTER, + 'BYTES_FUZZY_ID_COUNTER': define_BYTES_ID_COUNTER, + 'BYTES_ID_START': define_BYTES_ID_START, + 'BYTES_FUZZY_ID_START': define_BYTES_ID_START, + 'BYTES_ID_LENGTH': define_BYTES_ID_LENGTH, + 'BYTES_FUZZY_ID_LENGTH': define_BYTES_ID_LENGTH, + 'BYTES_ID_END': define_BYTES_ID_END, + 'BYTES_FUZZY_ID_END': define_BYTES_ID_END, + + 'NAME': define_PLAIN_TEXT, + 'HEX_BYTES': define_HEX_BYTES, + 'FULL_MASK': define_FULL_MASK, + 'SEMI_MASK': define_SEMI_MASK, + 'REGEX_BYTES': define_PLAIN_TEXT, + 'REGEX_CLASSES': define_PLAIN_TEXT, + 'REGEX_RANGE': define_PLAIN_TEXT, + 'KB': define_KB, + 'MB': define_MB, + 'GB': define_GB, +} + + +def remove_grammar_comments(grammar): + """Delete all the C code comments.""" + + # Cf. https://stackoverflow.com/questions/241327/remove-c-and-c-comments-using-python/241506#241506 + + def replacer(match): + s = match.group(0) + if s.startswith('/'): + return ' ' # note: a space and not an empty string + else: + return s + + regex = re.compile( + r'//.*?$|/\*.*?\*/|\'(?:\\.|[^\\\'])*\'|"(?:\\.|[^\\"])*"', + re.DOTALL | re.MULTILINE + ) + + return regex.sub(replacer, grammar) + + +def remove_grammar_actions(grammar): + """Delete all the C code handling tokens.""" + + remaining = '' + + scope = 0 + string = False + + for ch in grammar: + + if ch == '{' and not(string): + scope += 1 + + elif ch == '}' and not(string): + assert(scope > 0) + scope -= 1 + + elif scope == 0: + remaining += ch + if ch == '"': + string = not(string) + + return remaining + + +def is_upper(text): + """State if a string is upper case.""" + + return text.upper() == text + + +def parse_rule_definition(grammar): + """Process the definition of one rule.""" + + result = [] + + regex = re.compile('(?<!")\|') + + definitions = regex.split(grammar) + + definitions = [ d.strip() for d in definitions ] + + for d in definitions: + + tokens = d.split() + + converted = [] + + for t in tokens: + + if not(t.startswith('"')) and is_upper(t): + + if not(t in __lexer_tokens.keys()): + print('Missing def:', t) + sys.exit() + + assert(t in __lexer_tokens.keys()) + + converted.append('"<%s>"' % t.lower()) + + else: + + if t.startswith('"'): + converted.append('%s' % t) + else: + converted.append('"<%s>"' % t) + + result.append(converted) + + return result + + +def parse_rules(grammar): + """Process all the rules contained in the grammar.""" + + tree = {} + + regex = re.compile('[\n\t ]*([^\n\t :]+)[\n\t ]*:([^;]+);') + + rules = regex.findall(grammar) + + first = True + + for r in rules: + + if first: + print(' "<START>": [ ["<%s>"] ],' % r[0]) + first = False + + definitions = parse_rule_definition(r[1]) + + tree[r[0]] = definitions + + return tree + + +def simplify_tree(tree): + """Remove nodes which only are links between two levels of nodes.""" + + """ + a = [ [b] ] + b = [ [c], [d] ] + + -> replace a by b + """ + + # Examples: cexpression, modifier_arg + + replaced = {} + + for k, v in tree.items(): + + if len(v) == 1 and len(v[0]) == 1: + + replaced['"<%s>"' % k] = v[0][0] + + new_tree = {} + + for k, v in tree.items(): + + name = '"<%s>"' % k + + if not(name in replaced.keys()): + + new_v = [] + + for vv in v: + + new_vv = vv + + for rk, rv in replaced.items(): + new_vv = list(map(lambda x: x.replace(rk, rv), new_vv)) + + new_v.append(new_vv) + + new_tree[k] = new_v + + return new_tree + + +def find_direct_parent_nodes(tree, name): + """Find all the rules containing a rule.""" + + rules = [] + + name = '"<%s>"' % name + + for k, v in tree.items(): + + for vv in v: + + if len(vv) == 1 and vv[0] == name and not(k in rules): + + rules.append(k) + + return rules + + +def remove_indirect_left_recursion(tree): + """Remove all nodes which implies indirect left recursion.""" + + """ + a = b + b = a + c + + -> a = a + c + """ + + # Examples: logical_expr, relational_expr, string_op, arithm_expr, intersection + + replaced = {} + + for k, v in tree.items(): + + parents = find_direct_parent_nodes(tree, k) + + if len(parents) != 1: + continue + + parent = parents[0] + + for vv in v: + + if vv[0] == '"<%s>"' % parent: + replaced[k] = v + break + + new_tree = {} + + for k, v in tree.items(): + + if not(k in replaced.keys()): + + new_v = [] + + for vv in v: + + if len(vv) != 1: + new_v.append(vv) + + else: + + modified = False + + for rk, rv in replaced.items(): + if '"<%s>"' % rk == vv[0]: + new_v += rv + modified = True + break + + if not(modified): + new_v.append(vv) + + new_tree[k] = new_v + + return new_tree + + +def output_rules(tree): + """Output a translated rule.""" + + for k, v in tree.items(): + + print(' "<%s>": [' % k, end='') + + first = True + + for d in v: + + if not(first): + print(',', end='') + + if len(d) == 0: + print(' []', end='') + + else: + + print(' [', end='') + + sub_first = True + + for sub_d in d: + + if not(sub_first): + print(', ', end='') + + print('%s' % sub_d, end='') + + sub_first = False + + print(']', end='') + + first = False + + print(' ],') + + +if __name__ == '__main__': + """Script entrypoint.""" + + # Cf. https://github.com/AFLplusplus/Grammar-Mutator/blob/stable/doc/customizing-grammars.md + + with open(sys.argv[1], 'r') as fd: + grammar = fd.read() + + grammar = grammar.split('%%')[1] + + grammar = remove_grammar_comments(grammar) + + grammar = remove_grammar_actions(grammar) + + print('{') + + tree = parse_rules(grammar) + + tree = simplify_tree(tree) + + tree = remove_indirect_left_recursion(tree) + + output_rules(tree) + + count = len(__lexer_tokens.keys()) + + for name, cb in __lexer_tokens.items(): + cb(name, count == 1) + count -= 1 + + print('}') diff --git a/tools/fuzzing/rost/fast-rost.c b/tools/fuzzing/rost/fast-rost.c new file mode 100644 index 0000000..f161273 --- /dev/null +++ b/tools/fuzzing/rost/fast-rost.c @@ -0,0 +1,283 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fast-rost.c - fichier d'entrée du centre de collecte, adapté pour un fuzzing optimal + * + * Copyright (C) 2023 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include <assert.h> +#include <getopt.h> +#include <libgen.h> +#include <locale.h> +#include <malloc.h> +#include <stdlib.h> +#include <string.h> + + +#include <i18n.h> + + +#include <analysis/contents/file.h> +#include <analysis/scan/options.h> +#include <analysis/scan/scanner.h> +#include <analysis/scan/patterns/backends/bitap.h> +#include <analysis/scan/patterns/backends/acism.h> +#include <core/core.h> +#include <core/global.h> +#include <core/logs.h> +#include <core/paths.h> +#include <plugins/pglist.h> + + + +#ifndef __AFL_FUZZ_TESTCASE_LEN + +ssize_t fuzz_len; +unsigned char fuzz_buf[1024000]; + +# define __AFL_FUZZ_TESTCASE_LEN fuzz_len +# define __AFL_FUZZ_TESTCASE_BUF fuzz_buf +# define __AFL_FUZZ_INIT() void sync(void); +# define __AFL_LOOP(x) \ + ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0) +# define __AFL_INIT() sync() + +#endif + + +__AFL_FUZZ_INIT(); + + +/****************************************************************************** +* * +* Paramètres : argc = nombre d'arguments dans la ligne de commande. * +* argv = arguments de la ligne de commande. * +* * +* Description : Point d'entrée du programme. * +* * +* Retour : EXIT_SUCCESS si le prgm s'est déroulé sans encombres. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int main(int argc, char **argv) +{ + int result; /* Bilan de l'exécution */ + bool check_only; /* Validation uniquement */ + LogMessageType verbosity; /* Niveau de filtre de message */ + GScanOptions *options; /* Options d'analyses */ + int index; /* Indice d'argument */ + int ret; /* Bilan d'un appel */ + char *edir; /* Répertoire de base effectif */ + char *target; /* Cible communiquée */ + unsigned char *afl_buf; /* Tampon de travail d'AFL */ + int afl_len; /* Taille de ce tampon */ + GContentScanner *scanner; /* Encadrement d'une recherche */ + GBinContent *content; /* Contenu à analyser */ + GScanContext *context; /* Contexte des trouvailles */ + sized_string_t padding; /* Bourrage pour le JSON */ + bool full; /* Détailler l'affichage ? */ + + static struct option long_options[] = { + { "algorithm", required_argument, NULL, 'A' }, + { "check-only", no_argument, NULL, 'C' }, + { "print-json", no_argument, NULL, 'j' }, + { "print-strings", no_argument, NULL, 's' }, + { "print-stats", no_argument, NULL, 'S' }, + { "print-tags", no_argument, NULL, 'g' }, + { "tag", required_argument, NULL, 't' }, + { "verbosity", required_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 } + }; + + result = EXIT_FAILURE; + + /* Décodage des options */ + + check_only = false; + verbosity = LMT_COUNT; + + options = g_scan_options_new(); + + g_scan_options_set_backend_for_data(options, G_TYPE_ACISM_BACKEND); + + while (true) + { + ret = getopt_long(argc, argv, "A:CjsSgt:V:", long_options, &index); + if (ret == -1) break; + + switch (ret) + { + case 'A': + if (strcmp(optarg, "bitmap") == 0) + g_scan_options_set_backend_for_data(options, G_TYPE_BITAP_BACKEND); + else if (strcmp(optarg, "acism") == 0) + g_scan_options_set_backend_for_data(options, G_TYPE_ACISM_BACKEND); + else + g_scan_options_set_backend_for_data(options, G_TYPE_INVALID); + break; + + case 'C': + check_only = true; + g_scan_options_set_check_only(options, true); + break; + + case 'j': + g_scan_options_set_print_json(options, true); + break; + + case 's': + g_scan_options_set_print_strings(options, true); + break; + + case 'S': + g_scan_options_set_print_stats(options, true); + break; + + case 'g': + g_scan_options_set_print_tags(options, true); + break; + + case 't': + g_scan_options_select_tag(options, optarg); + break; + + case 'V': + verbosity = strtoul(optarg, NULL, 10); + break; + + } + + } + + if ((check_only && (optind + 0) != argc && (optind + 1) != argc) + || (!check_only && (optind + 1) != argc && (optind + 2) != argc)) + { + goto done; + } + + /* Actions de base */ + + if (g_scan_options_get_backend_for_data(options) == G_TYPE_INVALID) + { + goto done; + } + + /* Lancement des choses sérieuses */ + + setlocale(LC_ALL, ""); + edir = get_effective_directory(LOCALE_DIR); + bindtextdomain(PACKAGE, edir); + free(edir); + textdomain(PACKAGE); + + /* Initialisation de GTK */ + g_set_prgname("ROST"); + //gtk_init(&argc, &argv); + + /* Initialisation du programme */ + + set_batch_mode(); + + set_log_verbosity(verbosity); + + if (!load_all_core_components(true)) + goto done; + + init_all_plugins(true); + + /* Traitement des recherches */ + + if ((optind + 1) == argc) + target = argv[optind]; + else + goto done; + + __AFL_INIT(); + + afl_buf = __AFL_FUZZ_TESTCASE_BUF; + + while (__AFL_LOOP(10000)) + { + afl_len = __AFL_FUZZ_TESTCASE_LEN; + + scanner = g_content_scanner_new_from_text((char *)afl_buf, afl_len); + +#if 0 + do + { + FILE *stream; + + stream = fopen("/dev/shm/ctrl.log", "a"); + fprintf(stream, "running %d bytes => %p\n", afl_len, scanner); + fclose(stream); + + } while (0); +#endif + + if (scanner != NULL) + result = EXIT_SUCCESS; + + if (scanner != NULL && !check_only) + { + content = g_file_content_new(target); + if (content == NULL) goto bad_file_content; + + context = g_content_scanner_analyze(scanner, options, content); + + if (g_scan_options_get_print_json(options)) + { + padding.data = " "; + padding.len = 3; + + g_content_scanner_output_to_json(scanner, context, &padding, 0, STDOUT_FILENO); + + } + else + { + full = g_scan_options_get_print_strings(options); + + g_content_scanner_output_to_text(scanner, context, full, STDOUT_FILENO); + + } + + g_object_unref(G_OBJECT(context)); + g_object_unref(G_OBJECT(content)); + + bad_file_content: + + g_object_unref(G_OBJECT(scanner)); + + } + + } + + g_object_unref(G_OBJECT(options)); + + /* Sortie */ + + unload_all_core_components(false); + + done: + + return result; + +} diff --git a/tools/fuzzing/rost/gen-dict.sh b/tools/fuzzing/rost/gen-dict.sh new file mode 100755 index 0000000..dfebc0a --- /dev/null +++ b/tools/fuzzing/rost/gen-dict.sh @@ -0,0 +1,81 @@ +#!/bin/bash + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +TOP_DIR="$SCRIPT_DIR/../../.." +OUTPUT="$SCRIPT_DIR/rost.dict" + + +echo > "$OUTPUT" + + +echo "# Syntax core keywords" >> "$OUTPUT" + +cat "$TOP_DIR/src/analysis/scan/grammar.y" | \ + grep '%token.*".*' | grep -o -E '"[^"]+"' | sort >> "$OUTPUT" + + +echo >> "$OUTPUT" +echo "# Modifiers" >> "$OUTPUT" + +"$TOP_DIR/src/rost" --dump-modifiers | sort | sed -e 's/^/"/' -e 's/$/"/' >> "$OUTPUT" + + +echo >> "$OUTPUT" +echo "# Namespace" >> "$OUTPUT" + +"$TOP_DIR/src/rost" --dump-namespaces | sort | sed -e 's/^/"/' -e 's/$/"/' >> "$OUTPUT" + + +echo >> "$OUTPUT" +echo "# Identifiers" >> "$OUTPUT" + +for t in "$" "#" "@" "!" "~" ; +do + echo "\"${t}a0\"" >> "$OUTPUT" + echo "\"${t}a1\"" >> "$OUTPUT" + echo "\"${t}b\"" >> "$OUTPUT" + echo "\"${t}c\"" >> "$OUTPUT" + echo "\"${t}a*\"" >> "$OUTPUT" + echo "\"${t}*\"" >> "$OUTPUT" + echo "\"${t}\"" >> "$OUTPUT" + +done + + +echo >> "$OUTPUT" +echo "# Numbers" >> "$OUTPUT" + +for i in $( seq 0 32 ); +do + echo -$(( 2 ** i - 1 )) ; + echo -$(( 2 ** i )) ; + echo -$(( 2 ** i + 1 )) ; + + echo $(( 2 ** i - 1 )) ; + echo $(( 2 ** i )) ; + echo $(( 2 ** i + 1 )) ; + +done | sort | uniq | sort -n >> "$OUTPUT" + + +echo >> "$OUTPUT" +echo "# Misc" >> "$OUTPUT" + +echo "\"kb\"" >> "$OUTPUT" +echo "\"mb\"" >> "$OUTPUT" +echo "\"gb\"" >> "$OUTPUT" + +echo "\"a0\"" >> "$OUTPUT" +echo "\"a1\"" >> "$OUTPUT" +echo "\"b\"" >> "$OUTPUT" +echo "\"c\"" >> "$OUTPUT" + +echo "\"\\\"abcdef\\\"\"" >> "$OUTPUT" +echo "\"\\\"azerty\\\"\"" >> "$OUTPUT" +echo "\"\\\"qwertyqwerty\\\"\"" >> "$OUTPUT" +echo "\"??\"" >> "$OUTPUT" +echo "\"0?\"" >> "$OUTPUT" +echo "\"?a\"" >> "$OUTPUT" + +echo >> "$OUTPUT" diff --git a/tools/fuzzing/rost/minall.sh b/tools/fuzzing/rost/minall.sh new file mode 100755 index 0000000..e32777d --- /dev/null +++ b/tools/fuzzing/rost/minall.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +if [ -z "$FUZ_OUT" ]; then + echo "$0 needs a \$FUZ_OUT environment variable!" + exit 1 +fi + + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +MIN_DIR="$SCRIPT_DIR/min" + + +mkdir -p "$MIN_DIR" + +find "$FUZ_OUT/default/crashes/" -name 'id*' | while read f; +do + + id=$( echo $f | cut -d: -f2 | cut -d, -f1 ) + + h=$( sha256sum $f | cut -d " " -f1 ) + + afl-tmin -i "$f" -o "$MIN_DIR/$id-$h.rost" -- /dev/shm/fuzzing-sys/bin/fast-rost /bin/ls + +done diff --git a/tools/fuzzing/rost/rerun.sh b/tools/fuzzing/rost/rerun.sh new file mode 100755 index 0000000..3e75189 --- /dev/null +++ b/tools/fuzzing/rost/rerun.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +TOP_DIR="$SCRIPT_DIR/../../.." +MIN_DIR="$SCRIPT_DIR/min" + + +find "$MIN_DIR" -type f -name '*rost' | while read f; +do + echo "=========== $f" + + "$TOP_DIR/src/rost" $f /bin/ls + + status=$? + + if [ $status -le 2 ]; then + rm $f + fi + + sleep 1s + +done + + + + diff --git a/tools/fuzzing/rost/test.rost b/tools/fuzzing/rost/test.rost new file mode 100644 index 0000000..02daabe --- /dev/null +++ b/tools/fuzzing/rost/test.rost @@ -0,0 +1,12 @@ + +rule basic { + + bytes: + $a = "ABC" base64 + $b = "12" + $c = { 00 01 f0 ff ff [0-9] 23 } + + condition: + (#a == 123 or $b or $c) and console.log(maxcommon(modpath($a, $b))) + +} diff --git a/tools/maint/extra.supp b/tools/maint/extra.supp new file mode 100644 index 0000000..58cbd32 --- /dev/null +++ b/tools/maint/extra.supp @@ -0,0 +1,777 @@ + +# ==2020629== 64 bytes in 1 blocks are still reachable in loss record 516 of 1,020 +# ==2020629== at 0x48406C4: malloc (vg_replace_malloc.c:380) +# ==2020629== by 0x49044CD: g_realloc (gmem.c:201) +# ==2020629== by 0x48EBCDC: g_hash_table_realloc_key_or_value_array (ghash.c:382) +# ==2020629== by 0x48EBCDC: g_hash_table_setup_storage (ghash.c:591) +# ==2020629== by 0x48EC6C8: g_hash_table_new_full (ghash.c:1085) +# ==2020629== by 0x48EC6F0: g_hash_table_new (ghash.c:1036) +# ==2020629== by 0x48E84A4: g_error_init (gerror.c:525) +# ==2020629== by 0x48FA392: glib_init (glib-init.c:342) +# ==2020629== by 0x48FA3A0: glib_init_ctor (glib-init.c:455) +# ==2020629== by 0x4004ABD: call_init (dl-init.c:70) +# ==2020629== by 0x4004ABD: call_init (dl-init.c:26) +# ==2020629== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==2020629== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==2020629== by 0x2: ??? +# ==2020629== by 0x1FFF0002B2: ??? +# ==2020629== by 0x1FFF0002C3: ??? +# ==2020629== by 0x1FFF0002CF: ??? +# ==2020629== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:g_realloc + fun:g_hash_table_realloc_key_or_value_array + fun:g_hash_table_setup_storage + fun:g_hash_table_new_full + fun:g_hash_table_new + fun:g_error_init + fun:glib_init + fun:glib_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +# ==1996673== 32 bytes in 1 blocks are still reachable in loss record 415 of 1,026 +# ==1996673== at 0x48455EF: calloc (vg_replace_malloc.c:1328) +# ==1996673== by 0x490447A: g_malloc0 (gmem.c:163) +# ==1996673== by 0x490466E: g_malloc0_n (gmem.c:404) +# ==1996673== by 0x48EBCF1: g_hash_table_setup_storage (ghash.c:593) +# ==1996673== by 0x48EC6C8: g_hash_table_new_full (ghash.c:1085) +# ==1996673== by 0x48EC6F0: g_hash_table_new (ghash.c:1036) +# ==1996673== by 0x48E84A4: g_error_init (gerror.c:525) +# ==1996673== by 0x48FA392: glib_init (glib-init.c:342) +# ==1996673== by 0x48FA3A0: glib_init_ctor (glib-init.c:455) +# ==1996673== by 0x4004ABD: call_init (dl-init.c:70) +# ==1996673== by 0x4004ABD: call_init (dl-init.c:26) +# ==1996673== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==1996673== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==1996673== by 0x2: ??? +# ==1996673== by 0x1FFF0002B2: ??? +# ==1996673== by 0x1FFF0002C3: ??? +# ==1996673== by 0x1FFF0002CF: ??? +# ==1996673== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:calloc + fun:g_malloc0 + fun:g_malloc0_n + fun:g_hash_table_setup_storage + fun:g_hash_table_new_full + fun:g_hash_table_new + fun:g_error_init + fun:glib_init + fun:glib_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +# ==1995462== 88 bytes in 1 blocks are still reachable in loss record 729 of 1,026 +# ==1995462== at 0x48815F4: type_node_any_new_W (gtype.c:457) +# ==1995462== by 0x4881770: type_node_fundamental_new_W (gtype.c:564) +# ==1995462== by 0x4883A1B: g_type_register_fundamental (gtype.c:2748) +# ==1995462== by 0x488B1E1: _g_value_types_init (gvaluetypes.c:529) +# ==1995462== by 0x4886E9B: gobject_init (gtype.c:4521) +# ==1995462== by 0x4886F31: gobject_init_ctor (gtype.c:4636) +# ==1995462== by 0x4004ABD: call_init (dl-init.c:70) +# ==1995462== by 0x4004ABD: call_init (dl-init.c:26) +# ==1995462== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==1995462== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==1995462== by 0x2: ??? +# ==1995462== by 0x1FFF0002B2: ??? +# ==1995462== by 0x1FFF0002C3: ??? +# ==1995462== by 0x1FFF0002CF: ??? +# ==1995462== + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:type_node_any_new_W + fun:type_node_fundamental_new_W + fun:g_type_register_fundamental + fun:*_init + fun:gobject_init + fun:gobject_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +# ==1995681== 96 bytes in 1 blocks are still reachable in loss record 745 of 1,026 +# ==1995681== at 0x48407B4: malloc (vg_replace_malloc.c:381) +# ==1995681== by 0x4904422: g_malloc (gmem.c:130) +# ==1995681== by 0x491A9B1: g_slice_alloc (gslice.c:1074) +# ==1995681== by 0x48EC68A: g_hash_table_new_full (ghash.c:1073) +# ==1995681== by 0x48EC6F0: g_hash_table_new (ghash.c:1036) +# ==1995681== by 0x48E84A4: g_error_init (gerror.c:525) +# ==1995681== by 0x48FA392: glib_init (glib-init.c:342) +# ==1995681== by 0x48FA3A0: glib_init_ctor (glib-init.c:455) +# ==1995681== by 0x4004ABD: call_init (dl-init.c:70) +# ==1995681== by 0x4004ABD: call_init (dl-init.c:26) +# ==1995681== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==1995681== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==1995681== by 0x2: ??? +# ==1995681== by 0x1FFF0002B2: ??? +# ==1995681== by 0x1FFF0002C3: ??? +# ==1995681== by 0x1FFF0002CF: ??? +# ==1995681== + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:g_malloc + fun:g_slice_alloc + fun:g_hash_table_new_full + fun:g_hash_table_new + fun:g_error_init + fun:glib_init + fun:glib_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +# ==1995732== 88 bytes in 1 blocks are still reachable in loss record 721 of 1,026 +# ==1995732== at 0x48815F4: type_node_any_new_W (gtype.c:457) +# ==1995732== by 0x4881770: type_node_fundamental_new_W (gtype.c:564) +# ==1995732== by 0x4886E35: gobject_init (gtype.c:4504) +# ==1995732== by 0x4886F31: gobject_init_ctor (gtype.c:4636) +# ==1995732== by 0x4004ABD: call_init (dl-init.c:70) +# ==1995732== by 0x4004ABD: call_init (dl-init.c:26) +# ==1995732== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==1995732== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==1995732== by 0x2: ??? +# ==1995732== by 0x1FFF0002B2: ??? +# ==1995732== by 0x1FFF0002C3: ??? +# ==1995732== by 0x1FFF0002CF: ??? +# ==1995732== + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:type_node_any_new_W + fun:type_node_fundamental_new_W + fun:gobject_init + fun:gobject_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +###################################################### + + +# ==1994638== 88 bytes in 1 blocks are still reachable in loss record 740 of 1,026 +# ==1994638== at 0x48815F4: type_node_any_new_W (gtype.c:457) +# ==1994638== by 0x4881770: type_node_fundamental_new_W (gtype.c:564) +# ==1994638== by 0x4883A1B: g_type_register_fundamental (gtype.c:2748) +# ==1994638== by 0x486C204: _g_object_type_init (gobject.c:456) +# ==1994638== by 0x4886EAF: gobject_init (gtype.c:4537) +# ==1994638== by 0x4886F31: gobject_init_ctor (gtype.c:4636) +# ==1994638== by 0x4004ABD: call_init (dl-init.c:70) +# ==1994638== by 0x4004ABD: call_init (dl-init.c:26) +# ==1994638== by 0x4004BA3: _dl_init (dl-init.c:117) +# ==1994638== by 0x401AA5F: ??? (in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2) +# ==1994638== by 0x2: ??? +# ==1994638== by 0x1FFF0002B2: ??? +# ==1994638== by 0x1FFF0002C3: ??? +# ==1994638== by 0x1FFF0002CF: ??? +# ==1994638== + +# g_type_free_instance / g_type_class_unref / type_data_unref_U (cf. glib2.0-2.74.6/gobject/gtype.c) + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:type_node_any_new_W + fun:type_node_fundamental_new_W + fun:g_type_register_fundamental + fun:_g_object_type_init + fun:gobject_init + fun:gobject_init_ctor + fun:call_init + fun:call_init + fun:_dl_init + ... +} + + +# ==1994765== 8 bytes in 1 blocks are still reachable in loss record 14 of 1,026 +# ==1994765== at 0x485FAD8: freelist_alloc (gatomicarray.c:85) +# ==1994765== by 0x485FB28: _g_atomic_array_copy (gatomicarray.c:147) +# ==1994765== by 0x48810CE: iface_node_set_offset_L (gtype.c:1371) +# ==1994765== by 0x4881318: type_node_add_iface_entry_W (gtype.c:1456) +# ==1994765== by 0x4882417: type_add_interface_Wm (gtype.c:1501) +# ==1994765== by 0x4884B69: g_type_add_interface_static (gtype.c:2939) +# ==1994765== by 0x4A73709: g_arch_instruction_get_type_once (instruction.c:122) +# ==1994765== by 0x4A73662: g_arch_instruction_get_type (instruction.c:122) +# ==1994765== by 0x4A7DBED: g_raw_instruction_get_type_once (raw.c:105) +# ==1994765== by 0x4A7DBAA: g_raw_instruction_get_type (raw.c:105) +# ==1994765== by 0x4A8FED8: register_arch_gtypes (processors.c:80) +# ==1994765== by 0x4A8E4C4: load_all_core_components (core.c:123) +# ==1994765== by 0x10AAD1: main (rost.c:369) +# ==1994765== + +# g_type_free_instance / g_type_class_unref / type_data_unref_U (cf. glib2.0-2.74.6/gobject/gtype.c) + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:freelist_alloc + fun:_g_atomic_array_copy + fun:iface_node_set_offset_L + fun:type_node_add_iface_entry_W + fun:type_add_interface_Wm + fun:g_type_add_interface_static + ... +} + + +# ==1995318== 184 bytes in 1 blocks are still reachable in loss record 991 of 1,026 +# ==1995318== at 0x484582F: realloc (vg_replace_malloc.c:1437) +# ==1995318== by 0x49044CD: g_realloc (gmem.c:201) +# ==1995318== by 0x49046E4: g_realloc_n (gmem.c:433) +# ==1995318== by 0x488150E: type_node_any_new_W (gtype.c:516) +# ==1995318== by 0x488184A: type_node_new_W (gtype.c:582) +# ==1995318== by 0x48857D3: g_type_register_dynamic (gtype.c:2900) +# ==1995318== by 0x4AA8962: g_dynamic_types_register_type (dt.c:383) +# ==1995318== by 0x4AA8AC1: build_dynamic_type (dt.c:483) +# ==1995318== by 0x4AAABDA: g_plugin_module_new (plugin.c:506) +# ==1995318== by 0x4AA90C0: browse_directory_for_plugins (pglist.c:272) +# ==1995318== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995318== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995318== by 0x4AA8C33: init_all_plugins (pglist.c:86) +# ==1995318== by 0x10AAE6: main (rost.c:372) +# ==1995318== + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:realloc + fun:g_realloc + fun:g_realloc_n + fun:type_node_any_new_W + fun:type_node_new_W + fun:g_type_register_dynamic + ... +} + + +# ==1995789== 2,048 bytes in 1 blocks are still reachable in loss record 1,020 of 1,026 +# ==1995789== at 0x484582F: realloc (vg_replace_malloc.c:1437) +# ==1995789== by 0x49044CD: g_realloc (gmem.c:201) +# ==1995789== by 0x48EC1A6: g_hash_table_realloc_key_or_value_array (ghash.c:382) +# ==1995789== by 0x48EC1A6: realloc_arrays (ghash.c:724) +# ==1995789== by 0x48EC283: g_hash_table_resize (ghash.c:877) +# ==1995789== by 0x48EC308: g_hash_table_maybe_resize (ghash.c:917) +# ==1995789== by 0x48EC460: g_hash_table_insert_node (ghash.c:1370) +# ==1995789== by 0x48EC4B3: g_hash_table_insert_internal (ghash.c:1629) +# ==1995789== by 0x48ECD1D: g_hash_table_insert (ghash.c:1658) +# ==1995789== by 0x4881561: type_node_any_new_W (gtype.c:528) +# ==1995789== by 0x488184A: type_node_new_W (gtype.c:582) +# ==1995789== by 0x48857D3: g_type_register_dynamic (gtype.c:2900) +# ==1995789== by 0x4AA8962: g_dynamic_types_register_type (dt.c:383) +# ==1995789== by 0x4AA8AC1: build_dynamic_type (dt.c:483) +# ==1995789== by 0x4AAABDA: g_plugin_module_new (plugin.c:506) +# ==1995789== by 0x4AA90C0: browse_directory_for_plugins (pglist.c:272) +# ==1995789== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995789== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995789== by 0x4AA8C33: init_all_plugins (pglist.c:86) +# ==1995789== by 0x10AAE6: main (rost.c:372) +# ==1995789== + +{ + Code in type_data_unref_U is disabled + Memcheck:Leak + match-leak-kinds: reachable + fun:realloc + fun:g_realloc + fun:g_hash_table_realloc_key_or_value_array + fun:realloc_arrays + fun:g_hash_table_resize + fun:g_hash_table_maybe_resize + fun:g_hash_table_insert_node + fun:g_hash_table_insert_internal + fun:g_hash_table_insert + fun:type_node_any_new_W + fun:type_node_new_W + fun:g_type_register_dynamic + ... +} + + +# ==1995842== 56 bytes in 1 blocks are still reachable in loss record 518 of 1,026 +# ==1995842== at 0x485FAD8: freelist_alloc (gatomicarray.c:85) +# ==1995842== by 0x485FB57: _g_atomic_array_copy (gatomicarray.c:141) +# ==1995842== by 0x48816AB: type_node_any_new_W (gtype.c:500) +# ==1995842== by 0x488184A: type_node_new_W (gtype.c:582) +# ==1995842== by 0x4883C8A: g_type_register_static (gtype.c:2853) +# ==1995842== by 0x4883D4C: g_type_register_static_simple (gtype.c:2806) +# ==1995842== by 0x21266631: ??? +# ==1995842== by 0x212665C1: ??? +# ==1995842== by 0x20F18DB4: ??? +# ==1995842== by 0x20F18E0D: ??? +# ==1995842== by 0x20F1335A: ??? +# ==1995842== by 0x4AABB63: g_plugin_module_load (plugin.c:1115) +# ==1995842== by 0x4AA957C: load_remaning_plugins (pglist.c:469) +# ==1995842== by 0x4AA8CD2: init_all_plugins (pglist.c:103) +# ==1995842== by 0x10AAE6: main (rost.c:372) +# ==1995842== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:freelist_alloc + fun:_g_atomic_array_copy + fun:type_node_any_new_W + fun:type_node_new_W + fun:g_type_register_static + fun:g_type_register_static_simple + ... +} + + +# ==1995893== 8 bytes in 1 blocks are still reachable in loss record 36 of 1,026 +# ==1995893== at 0x48406C4: malloc (vg_replace_malloc.c:380) +# ==1995893== by 0x49044CD: g_realloc (gmem.c:201) +# ==1995893== by 0x49046E4: g_realloc_n (gmem.c:433) +# ==1995893== by 0x487FE9F: type_iface_add_prerequisite_W (gtype.c:1542) +# ==1995893== by 0x4884F28: g_type_interface_add_prerequisite (gtype.c:1632) +# ==1995893== by 0x4A9E5C5: g_comparable_item_get_type (comparison.c:40) +# ==1995893== by 0x4A42873: g_scan_expression_get_type_once (expr.c:73) +# ==1995893== by 0x4A427E2: g_scan_expression_get_type (expr.c:73) +# ==1995893== by 0x4A53253: g_scan_pattern_handler_get_type_once (handler.c:76) +# ==1995893== by 0x4A53210: g_scan_pattern_handler_get_type (handler.c:76) +# ==1995893== by 0x4A5347B: g_scan_pattern_handler_new (handler.c:197) +# ==1995893== by 0x4A467F1: rost_parse (grammar.y:1606) +# ==1995893== by 0x4A47785: process_rules_definitions (grammar.y:1895) +# ==1995893== by 0x4A4AE47: g_content_scanner_create_from_file (scanner.c:275) +# ==1995893== by 0x4A4AD6E: g_content_scanner_new_from_file (scanner.c:234) +# ==1995893== by 0x10AC85: main (rost.c:421) +# ==1995893== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:g_realloc + fun:g_realloc_n + fun:type_iface_add_prerequisite_W + fun:g_type_interface_add_prerequisite + fun:*_get_type + fun:*_get_type_once + ... +} + + + + +###################################################### + + +# ==1995203== 1,024 bytes in 1 blocks are still reachable in loss record 1,015 of 1,026 +# ==1995203== at 0x484582F: realloc (vg_replace_malloc.c:1437) +# ==1995203== by 0x49044CD: g_realloc (gmem.c:201) +# ==1995203== by 0x49046E4: g_realloc_n (gmem.c:433) +# ==1995203== by 0x48EC186: realloc_arrays (ghash.c:723) +# ==1995203== by 0x48EC283: g_hash_table_resize (ghash.c:877) +# ==1995203== by 0x48EC308: g_hash_table_maybe_resize (ghash.c:917) +# ==1995203== by 0x48EC460: g_hash_table_insert_node (ghash.c:1370) +# ==1995203== by 0x48EC4B3: g_hash_table_insert_internal (ghash.c:1629) +# ==1995203== by 0x48ECD1D: g_hash_table_insert (ghash.c:1658) +# ==1995203== by 0x4881561: type_node_any_new_W (gtype.c:528) +# ==1995203== by 0x488184A: type_node_new_W (gtype.c:582) +# ==1995203== by 0x48857D3: g_type_register_dynamic (gtype.c:2900) +# ==1995203== by 0x4AA8962: g_dynamic_types_register_type (dt.c:383) +# ==1995203== by 0x4AA8AC1: build_dynamic_type (dt.c:483) +# ==1995203== by 0x4AAABDA: g_plugin_module_new (plugin.c:506) +# ==1995203== by 0x4AA90C0: browse_directory_for_plugins (pglist.c:272) +# ==1995203== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995203== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1995203== by 0x4AA8C33: init_all_plugins (pglist.c:86) +# ==1995203== by 0x10AAE6: main (rost.c:372) +# ==1995203== + +{ + Lack of g_hash_table_unref() call with static_type_nodes_ht (cf. glib2.0-2.74.6/gobject/gtype.c) + Memcheck:Leak + match-leak-kinds: reachable + fun:realloc + fun:g_realloc + fun:g_realloc_n + fun:realloc_arrays + fun:g_hash_table_resize + fun:g_hash_table_maybe_resize + fun:g_hash_table_insert_node + fun:g_hash_table_insert_internal + fun:g_hash_table_insert + fun:type_node_any_new_W + fun:type_node_new_W + fun:g_type_register_dynamic + ... +} + + +###################################################### + + +# ==1996736== 40 bytes in 1 blocks are still reachable in loss record 485 of 1,026 +# ==1996736== at 0x48407B4: malloc (vg_replace_malloc.c:381) +# ==1996736== by 0x494C2C3: g_rec_mutex_impl_new (gthread-posix.c:286) +# ==1996736== by 0x494C36E: g_rec_mutex_get_impl (gthread-posix.c:312) +# ==1996736== by 0x494C6CB: g_rec_mutex_lock (gthread-posix.c:397) +# ==1996736== by 0x4D8CCBD: g_module_open_full (gmodule.c:515) +# ==1996736== by 0x4D8D1A3: g_module_open (gmodule.c:698) +# ==1996736== by 0x4AA9EB3: g_plugin_module_new (plugin.c:240) +# ==1996736== by 0x4AA90C0: browse_directory_for_plugins (pglist.c:272) +# ==1996736== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1996736== by 0x4AA90B2: browse_directory_for_plugins (pglist.c:268) +# ==1996736== by 0x4AA8C33: init_all_plugins (pglist.c:86) +# ==1996736== by 0x10AAE6: main (rost.c:372) +# ==1996736== + +{ + Lack of g_rec_mutex_clear() call with g_module_global_lock (cf. glib2.0-2.74.6/gmodule/gmodule.c) + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:g_rec_mutex_impl_new + fun:g_rec_mutex_get_impl + fun:g_rec_mutex_lock + fun:g_module_open_full + fun:g_module_open + ... +} + + + +###################################################### + + +# ==2015061== 64 bytes in 1 blocks are still reachable in loss record 532 of 1,026 +# ==2015061== at 0x484582F: realloc (vg_replace_malloc.c:1437) +# ==2015061== by 0x49044CD: g_realloc (gmem.c:201) +# ==2015061== by 0x48EC1A6: g_hash_table_realloc_key_or_value_array (ghash.c:382) +# ==2015061== by 0x48EC1A6: realloc_arrays (ghash.c:724) +# ==2015061== by 0x48EC2D7: g_hash_table_resize (ghash.c:895) +# ==2015061== by 0x48EC308: g_hash_table_maybe_resize (ghash.c:917) +# ==2015061== by 0x48EC530: g_hash_table_remove_internal (ghash.c:1775) +# ==2015061== by 0x48ECDBA: g_hash_table_remove (ghash.c:1802) +# ==2015061== by 0x487BF82: g_signal_handlers_destroy (gsignal.c:2841) +# ==2015061== by 0x486A853: g_object_real_dispose (gobject.c:1362) +# ==2015061== by 0x4A9E9D2: g_config_param_dispose (configuration.c:199) +# ==2015061== by 0x486BD35: g_object_unref (gobject.c:3867) +# ==2015061== by 0x48FADD2: g_list_foreach (glist.c:1092) +# ==2015061== by 0x48FADED: g_list_free_full (glist.c:246) +# ==2015061== by 0x4AA07A6: g_generic_config_dispose (configuration.c:1233) +# ==2015061== by 0x486BD35: g_object_unref (gobject.c:3867) +# ==2015061== by 0x4A8FC05: unload_main_config_parameters (params.c:146) +# ==2015061== by 0x4A8E552: unload_all_core_components (core.c:174) +# ==2015061== by 0x10ADFC: main (rost.c:470) +# ==2015061== + +{ + Need to fix all GObject memory leaks? + Memcheck:Leak + match-leak-kinds: reachable + fun:realloc + fun:g_realloc + fun:g_hash_table_realloc_key_or_value_array + fun:realloc_arrays + fun:g_hash_table_resize + fun:g_hash_table_maybe_resize + fun:g_hash_table_remove_internal + fun:g_hash_table_remove + fun:g_signal_handlers_destroy + fun:g_object_real_dispose + ... +} + + +# ==2017718== 32 bytes in 1 blocks are still reachable in loss record 474 of 1,026 +# ==2017718== at 0x484582F: realloc (vg_replace_malloc.c:1437) +# ==2017718== by 0x49044CD: g_realloc (gmem.c:201) +# ==2017718== by 0x49046E4: g_realloc_n (gmem.c:433) +# ==2017718== by 0x48EC186: realloc_arrays (ghash.c:723) +# ==2017718== by 0x48EC2D7: g_hash_table_resize (ghash.c:895) +# ==2017718== by 0x48EC308: g_hash_table_maybe_resize (ghash.c:917) +# ==2017718== by 0x48EC530: g_hash_table_remove_internal (ghash.c:1775) +# ==2017718== by 0x48ECDBA: g_hash_table_remove (ghash.c:1802) +# ==2017718== by 0x487BF28: g_signal_handlers_destroy (gsignal.c:2823) +# ==2017718== by 0x486A853: g_object_real_dispose (gobject.c:1362) +# ==2017718== by 0x4A9E9D2: g_config_param_dispose (configuration.c:199) +# ==2017718== by 0x486BD35: g_object_unref (gobject.c:3867) +# ==2017718== by 0x48FADD2: g_list_foreach (glist.c:1092) +# ==2017718== by 0x48FADED: g_list_free_full (glist.c:246) +# ==2017718== by 0x4AA07A6: g_generic_config_dispose (configuration.c:1233) +# ==2017718== by 0x486BD35: g_object_unref (gobject.c:3867) +# ==2017718== by 0x4A8FC05: unload_main_config_parameters (params.c:146) +# ==2017718== by 0x4A8E552: unload_all_core_components (core.c:174) +# ==2017718== by 0x10ADFC: main (rost.c:470) +# ==2017718== + + +{ + Need to fix all GObject memory leaks? + Memcheck:Leak + match-leak-kinds: reachable + fun:realloc + fun:g_realloc + fun:g_realloc_n + fun:realloc_arrays + fun:g_hash_table_resize + fun:g_hash_table_maybe_resize + fun:g_hash_table_remove_internal + fun:g_hash_table_remove + fun:g_signal_handlers_destroy + fun:g_object_real_dispose + ... +} + + +###################################################### + + +# ==2037130== 368 bytes in 23 blocks are still reachable in loss record 1,004 of 1,018 +# ==2037130== at 0x48455EF: calloc (vg_replace_malloc.c:1328) +# ==2037130== by 0x490447A: g_malloc0 (gmem.c:163) +# ==2037130== by 0x487FD25: type_set_qdata_W (gtype.c:3813) +# ==2037130== by 0x4880085: type_add_flags_W (gtype.c:3878) +# ==2037130== by 0x48857E1: g_type_register_dynamic (gtype.c:2901) +# ==2037130== by 0x4AA89FA: g_dynamic_types_register_type (dt.c:410) +# ==2037130== by 0x4AA8B59: build_dynamic_type (dt.c:510) +# ==2037130== by 0x4AAAC93: g_plugin_module_new (plugin.c:506) +# ==2037130== by 0x4AA9179: browse_directory_for_plugins (pglist.c:281) +# ==2037130== by 0x4AA916B: browse_directory_for_plugins (pglist.c:277) +# ==2037130== by 0x4AA916B: browse_directory_for_plugins (pglist.c:277) +# ==2037130== by 0x4AA8CE2: init_all_plugins (pglist.c:91) +# ==2037130== by 0x10AB0A: main (rost.c:372) +# ==2037130== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:calloc + fun:g_malloc0 + fun:type_set_qdata_W + fun:type_add_flags_W + fun:g_type_register_dynamic + ... +} + + +# ==2037232== 1,840 bytes in 23 blocks are still reachable in loss record 1,008 of 1,018 +# ==2037232== at 0x48455EF: calloc (vg_replace_malloc.c:1328) +# ==2037232== by 0x490447A: g_malloc0 (gmem.c:163) +# ==2037232== by 0x4881971: type_data_make_W (gtype.c:1141) +# ==2037232== by 0x4881F8C: type_data_ref_Wm (gtype.c:1272) +# ==2037232== by 0x4882ECF: g_type_class_ref (gtype.c:3034) +# ==2037232== by 0x486CE03: g_object_new_with_properties (gobject.c:2370) +# ==2037232== by 0x486D625: g_object_new (gobject.c:2037) +# ==2037232== by 0x4AAACB8: g_plugin_module_new (plugin.c:512) +# ==2037232== by 0x4AA9179: browse_directory_for_plugins (pglist.c:281) +# ==2037232== by 0x4AA916B: browse_directory_for_plugins (pglist.c:277) +# ==2037232== by 0x4AA916B: browse_directory_for_plugins (pglist.c:277) +# ==2037232== by 0x4AA8CE2: init_all_plugins (pglist.c:91) +# ==2037232== by 0x10AB0A: main (rost.c:372) +# ==2037232== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:calloc + fun:g_malloc0 + fun:type_data_make_W + fun:type_data_ref_Wm + fun:g_type_class_ref + fun:g_object_new_with_properties + fun:g_object_new + ... +} + + +# ==2038514== 104 bytes in 1 blocks are still reachable in loss record 845 of 1,018 +# ==2038514== at 0x485FAD8: freelist_alloc (gatomicarray.c:85) +# ==2038514== by 0x485FB57: _g_atomic_array_copy (gatomicarray.c:141) +# ==2038514== by 0x4881259: type_node_add_iface_entry_W (gtype.c:1429) +# ==2038514== by 0x4882417: type_add_interface_Wm (gtype.c:1501) +# ==2038514== by 0x4884B69: g_type_add_interface_static (gtype.c:2939) +# ==2038514== by 0x4A7FA23: g_imm_operand_get_type_once (feeder.c:125) +# ==2038514== by 0x4A7F93F: g_imm_operand_get_type (feeder.c:125) +# ==2038514== by 0x4A8FEE1: register_arch_gtypes (processors.c:83) +# ==2038514== by 0x4A8E4D4: load_all_core_components (core.c:122) +# ==2038514== by 0x10AAF5: main (rost.c:369) +# ==2038514== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:freelist_alloc + fun:_g_atomic_array_copy + fun:type_node_add_iface_entry_W + fun:type_add_interface_Wm + fun:g_type_add_interface_static + fun:*_get_type_once + ... +} + + +# ==2038565== 80 bytes in 1 blocks are still reachable in loss record 651 of 1,018 +# ==2038565== at 0x485FAD8: freelist_alloc (gatomicarray.c:85) +# ==2038565== by 0x485FB57: _g_atomic_array_copy (gatomicarray.c:141) +# ==2038565== by 0x4881259: type_node_add_iface_entry_W (gtype.c:1429) +# ==2038565== by 0x4882417: type_add_interface_Wm (gtype.c:1501) +# ==2038565== by 0x4884B69: g_type_add_interface_static (gtype.c:2939) +# ==2038565== by 0x217225B5: ??? +# ==2038565== by 0x21722507: ??? +# ==2038565== by 0x2171E32A: ??? +# ==2038565== by 0x2171E360: ??? +# ==2038565== by 0x4AABC1C: g_plugin_module_load (plugin.c:1115) +# ==2038565== by 0x4AA9635: load_remaning_plugins (pglist.c:478) +# ==2038565== by 0x4AA8D81: init_all_plugins (pglist.c:108) +# ==2038565== by 0x10AB0A: main (rost.c:372) +# ==2038565== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:freelist_alloc + fun:_g_atomic_array_copy + fun:type_node_add_iface_entry_W + fun:type_add_interface_Wm + fun:g_type_add_interface_static + obj:* + obj:* + obj:* + obj:* + ... +} + + +###################################################### + + +# XML2 + +# ==2031163== 104 bytes in 1 blocks are still reachable in loss record 874 of 1,018 +# ==2031163== at 0x48407B4: malloc (vg_replace_malloc.c:381) +# ==2031163== by 0x4E5D79A: xmlNewRMutex (in /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14) +# ==2031163== by 0x4EC04AC: __xmlInitializeDict (in /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14) +# ==2031163== by 0x4EC053C: __xmlRandom (in /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14) +# ==2031163== by 0x4DFFBA5: xmlHashCreate (in /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14) +# ==2031163== by 0x4E495EF: xmlXPathNewContext (in /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14) +# ==2031163== by 0x4A8CAB0: create_new_xml_file (xml.c:70) +# ==2031163== by 0x4AA0BFF: g_generic_config_write (configuration.c:1485) +# ==2031163== by 0x4AA9EFA: g_plugin_module_dispose (plugin.c:173) +# ==2031163== by 0x486BD35: g_object_unref (gobject.c:3867) +# ==2031163== by 0x4AA94F0: on_plugin_ref_toggle (pglist.c:393) +# ==2031163== by 0x486B946: toggle_refs_notify (gobject.c:3599) +# ==2031163== by 0x486BCB7: g_object_unref (gobject.c:3806) +# ==2031163== by 0x4AA8F23: exit_all_plugins (pglist.c:162) +# ==2031163== by 0x10AE01: main (rost.c:476) +# ==2031163== + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:xmlNewRMutex + fun:__xmlInitializeDict + fun:__xmlRandom + fun:xmlHashCreate + fun:xmlXPathNewContext + fun:create_new_xml_file + fun:g_generic_config_write + fun:g_plugin_module_dispose + fun:g_object_unref + fun:on_plugin_ref_toggle + fun:toggle_refs_notify + fun:g_object_unref + fun:exit_all_plugins + fun:main +} + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: reachable + fun:malloc + fun:xmlNewRMutex + fun:__xmlInitializeDict + fun:__xmlRandom + fun:xmlHashCreate + fun:xmlXPathNewContext + fun:create_new_xml_file + fun:g_generic_config_write + fun:g_plugin_module_dispose + fun:g_object_unref + fun:on_plugin_ref_toggle + fun:exit_all_plugins + fun:main +} + + +# Python... + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: possible + fun:malloc + ... + fun:PyImport_Import + fun:create_python_plugin + fun:load_python_plugins + fun:chrysalide_plugin_on_plugins_loaded + fun:load_remaning_plugins + fun:init_all_plugins + fun:main +} + +{ + <insert_a_suppression_name_here> + Memcheck:Leak + match-leak-kinds: possible + fun:malloc + ... + fun:PyImport_Import + fun:PyImport_ImportModule + fun:chrysalide_plugin_init + fun:g_plugin_module_load + fun:load_remaning_plugins + fun:init_all_plugins + fun:main +} |