summaryrefslogtreecommitdiff
path: root/src/analysis/scan/matches
diff options
context:
space:
mode:
Diffstat (limited to 'src/analysis/scan/matches')
-rw-r--r--src/analysis/scan/matches/Makefile.am15
-rw-r--r--src/analysis/scan/matches/area.c57
-rw-r--r--src/analysis/scan/matches/area.h85
-rw-r--r--src/analysis/scan/matches/bytes-int.h54
-rw-r--r--src/analysis/scan/matches/bytes.c712
-rw-r--r--src/analysis/scan/matches/bytes.h75
-rw-r--r--src/analysis/scan/matches/pending.c677
-rw-r--r--src/analysis/scan/matches/pending.h129
8 files changed, 1804 insertions, 0 deletions
diff --git a/src/analysis/scan/matches/Makefile.am b/src/analysis/scan/matches/Makefile.am
new file mode 100644
index 0000000..f1a69c3
--- /dev/null
+++ b/src/analysis/scan/matches/Makefile.am
@@ -0,0 +1,15 @@
+
+noinst_LTLIBRARIES = libanalysisscanmatches.la
+
+
+libanalysisscanmatches_la_SOURCES = \
+ area.h area.c \
+ bytes-int.h \
+ bytes.h bytes.c
+
+libanalysisscanmatches_la_CFLAGS = $(LIBGOBJ_CFLAGS)
+
+
+devdir = $(includedir)/chrysalide/$(subdir:src/%=core/%)
+
+dev_HEADERS = $(libanalysisscanmatches_la_SOURCES:%c=)
diff --git a/src/analysis/scan/matches/area.c b/src/analysis/scan/matches/area.c
new file mode 100644
index 0000000..3f512b0
--- /dev/null
+++ b/src/analysis/scan/matches/area.c
@@ -0,0 +1,57 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * area.c - conservation des localisations de correspondances
+ *
+ * Copyright (C) 2023 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "area.h"
+
+
+
+/******************************************************************************
+* *
+* Paramètres : a = première zone de correspondance à comparer. *
+* b = seconde zone de correspondance à comparer. *
+* *
+* Description : Etablit une comparaison entre deux zones de correspondance. *
+* *
+* Retour : Bilan de la comparaison. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+int compare_match_area_as_dl_item(const dl_list_item *a, const dl_list_item *b)
+{
+ int result; /* Bilan à retourner */
+ match_area_t *area_a; /* Première zone à traiter */
+ match_area_t *area_b; /* Seconde zone à traiter */
+
+ area_a = match_area_from_item(a);
+ area_b = match_area_from_item(b);
+
+ result = sort_uint64_t(area_a->start, area_b->start);
+
+ if (result == 0)
+ result = sort_uint64_t(area_a->end, area_b->end);
+
+ return result;
+
+}
diff --git a/src/analysis/scan/matches/area.h b/src/analysis/scan/matches/area.h
new file mode 100644
index 0000000..b059b35
--- /dev/null
+++ b/src/analysis/scan/matches/area.h
@@ -0,0 +1,85 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * area.h - prototypes pour la conservation des localisations de correspondances
+ *
+ * Copyright (C) 2023 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ANALYSIS_SCAN_MATCHES_AREA_H
+#define _ANALYSIS_SCAN_MATCHES_AREA_H
+
+
+#include <assert.h>
+
+
+#include "../../../arch/vmpa.h"
+#include "../../../common/dllist.h"
+
+
+
+/* Couverture d'une correspondance */
+typedef struct _match_area_t
+{
+ phys_t start; /* Point de départ */
+ phys_t end; /* Point d'arrivée (exclus) */
+
+ DL_LIST_ITEM(link); /* Lien vers les maillons */
+
+ size_t mod_path_index; /* Indice de construction */
+ bool has_mod_path; /* Validité du champ précédent */
+
+} match_area_t;
+
+
+#define match_area_from_item(item) \
+ (match_area_t *)container_of(item, match_area_t, link)
+
+#define add_tail_match_area(new, head) \
+ dl_list_add_tail(new, head, match_area_t, link)
+
+#define del_match_area(item, head) \
+ dl_list_del(item, head, match_area_t, link)
+
+#define for_each_match_area(pos, head) \
+ dl_list_for_each(pos, head, match_area_t, link)
+
+#define for_each_match_area_safe(pos, head, next) \
+ dl_list_for_each_safe(pos, head, next, match_area_t, link)
+
+#define is_last_match_area(item, head) \
+ dl_list_is_last(item, head, link)
+
+#define merge_match_areas(head1, head2) \
+ dl_list_merge(head1, head2, match_area_t, link)
+
+#define sort_match_areas_no_dup(head, len, cmp, dup) \
+ ({ \
+ assert(!dl_list_empty(*(head))); \
+ dl_list_item *hmbr = &(*head)->link; \
+ sort_dl_list_no_dup(&hmbr, len, cmp, dup); \
+ match_area_from_item(hmbr); \
+ })
+
+
+/* Etablit une comparaison entre deux zones de correspondance. */
+int compare_match_area_as_dl_item(const dl_list_item *, const dl_list_item *);
+
+
+
+#endif /* _ANALYSIS_SCAN_MATCHES_AREA_H */
diff --git a/src/analysis/scan/matches/bytes-int.h b/src/analysis/scan/matches/bytes-int.h
new file mode 100644
index 0000000..f6239e3
--- /dev/null
+++ b/src/analysis/scan/matches/bytes-int.h
@@ -0,0 +1,54 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * bytes-int.h - prototypes internes pour la sauvegarde de correspondances avec des suites d'octets identifiées
+ *
+ * Copyright (C) 2022 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ANALYSIS_SCAN_MATCHES_BYTES_INT_H
+#define _ANALYSIS_SCAN_MATCHES_BYTES_INT_H
+
+
+#include "bytes.h"
+
+
+#include "../matches-int.h"
+
+
+
+/* Correspondances trouvées avec des suite d'octets (instance) */
+struct _GScanBytesMatches
+{
+ GScanMatches parent; /* A laisser en premier */
+
+ match_area_t *areas; /* Zones couvertes */
+ size_t count; /* Nombre de zones */
+
+};
+
+/* Correspondances trouvées avec des suite d'octets (classe) */
+struct _GScanBytesMatchesClass
+{
+ GScanMatchesClass parent; /* A laisser en premier */
+
+};
+
+
+
+#endif /* _ANALYSIS_SCAN_MATCHES_BYTES_INT_H */
diff --git a/src/analysis/scan/matches/bytes.c b/src/analysis/scan/matches/bytes.c
new file mode 100644
index 0000000..a23188b
--- /dev/null
+++ b/src/analysis/scan/matches/bytes.c
@@ -0,0 +1,712 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * bytes.h - sauvegarde d'une correspondance identifiée de suite d'octets
+ *
+ * Copyright (C) 2022 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "bytes.h"
+
+
+#include <assert.h>
+#include <ctype.h>
+#include <stdio.h>
+
+
+#include "bytes-int.h"
+#include "../patterns/token.h"
+#include "../../../common/cpp.h"
+#include "../../../core/logs.h"
+
+
+
+/* -------------------- CONSERVATION DE CORRESPONDANCES ETABLIES -------------------- */
+
+
+/* Initialise la classe des séries de correspondances d'octets. */
+static void g_scan_bytes_matches_class_init(GScanBytesMatchesClass *);
+
+/* Initialise une instance de série de correspondances trouvées. */
+static void g_scan_bytes_matches_init(GScanBytesMatches *);
+
+/* Supprime toutes les références externes. */
+static void g_scan_bytes_matches_dispose(GScanBytesMatches *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_scan_bytes_matches_finalize(GScanBytesMatches *);
+
+
+
+/* --------------------- IMPLEMENTATION DES FONCTIONS DE CLASSE --------------------- */
+
+
+/* Dénombre les correspondances enregistrées pour un motif. */
+static size_t g_scan_bytes_matches_count(const GScanBytesMatches *);
+
+/* Affiche une correspondance au format texte. */
+static void g_scan_bytes_matches_output_to_text(const GScanBytesMatches *, int);
+
+/* Affiche une correspondance au format JSON. */
+static void g_scan_bytes_matches_output_to_json(const GScanBytesMatches *, const sized_string_t *, unsigned int, int);
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* CONSERVATION DE CORRESPONDANCES ETABLIES */
+/* ---------------------------------------------------------------------------------- */
+
+
+/* Indique le type défini pour une série de correspondances d'octets identifiées. */
+G_DEFINE_TYPE(GScanBytesMatches, g_scan_bytes_matches, G_TYPE_SCAN_MATCHES);
+
+
+/******************************************************************************
+* *
+* Paramètres : klass = classe à initialiser. *
+* *
+* Description : Initialise la classe des séries de correspondances d'octets. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_class_init(GScanBytesMatchesClass *klass)
+{
+ GObjectClass *object; /* Autre version de la classe */
+ GScanMatchesClass *matches; /* Version parente de la classe*/
+
+ object = G_OBJECT_CLASS(klass);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_scan_bytes_matches_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_scan_bytes_matches_finalize;
+
+ matches = G_SCAN_MATCHES_CLASS(klass);
+
+ matches->count = (count_scan_matches_fc)g_scan_bytes_matches_count;
+
+ matches->to_text = (output_scan_matches_to_text_fc)g_scan_bytes_matches_output_to_text;
+ matches->to_json = (output_scan_matches_to_json_fc)g_scan_bytes_matches_output_to_json;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = instance à initialiser. *
+* *
+* Description : Initialise une instance de série de correspondances trouvées.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_init(GScanBytesMatches *matches)
+{
+ matches->areas = NULL;
+ matches->count = 0;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_dispose(GScanBytesMatches *matches)
+{
+ G_OBJECT_CLASS(g_scan_bytes_matches_parent_class)->dispose(G_OBJECT(matches));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_finalize(GScanBytesMatches *matches)
+{
+ G_OBJECT_CLASS(g_scan_bytes_matches_parent_class)->finalize(G_OBJECT(matches));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : - *
+* *
+* Description : Crée un suivi pour série de correspondances avec des octets. *
+* *
+* Retour : Correspondance mise en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GScanMatches *g_scan_bytes_matches_new(void)
+{
+ GScanMatches *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_SCAN_BYTES_MATCHES, NULL);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à manipuler. *
+* list = correspondances établies à mémoriser. *
+* count = taille de cette liste. *
+* *
+* Description : Intègre une liste de correspondances vérifiées. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void g_scan_bytes_matches_set_list(GScanBytesMatches *matches, match_area_t *list, size_t count)
+{
+ matches->areas = list;
+
+ matches->count = count;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à consulter. *
+* index = indice de la correspondance recherchée. *
+* *
+* Description : Fournit les informations relatives à une correspondance. *
+* *
+* Retour : Propritétés de la correspondance visée ou NULL pour un échec.*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const match_area_t *g_scan_bytes_matches_get(const GScanBytesMatches *matches, size_t index)
+{
+ const match_area_t *result; /* Pointeur à retourner */
+
+ for_each_match_area(result, matches->areas)
+ {
+ if (index == 0)
+ break;
+ }
+
+ assert(index == 0);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = informations de correspondance à consulter. *
+* index = indice de la correspondance visée. *
+* start = position de départ d'un motif détecté. [OUT] *
+* end = position d'arrivée d'un motif détecté. [OUT] *
+* *
+* Description : Indique la localisation d'une correspondance établie. *
+* *
+* Retour : Taille mesurée de la correspondance. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+phys_t g_scan_bytes_matches_get_location(const GScanBytesMatches *matches, size_t index, phys_t *start, phys_t *end)
+{
+ phys_t result; /* Taille à retourner */
+
+ result = 0;
+
+ /*
+ result = match->len;
+
+ *start = match->start;
+ *end = match->start + result;
+ */
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = informations de correspondance à consulter. *
+* *
+* Description : Retrouve l'origine d'une correspondance à partir d'un indice.*
+* *
+* Retour : Version humainement lisible de la combinaison gagnante. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+char *g_scan_bytes_matches_get_modifier_path(const GScanBytesMatches *matches)
+{
+ char *result; /* Combinaison à retourner */
+ GBytesToken *pattern; /* Autre version du motif */
+
+ result = NULL;
+
+ /*
+
+ if (match->has_mod_path)
+ {
+ pattern = G_BYTES_TOKEN(G_SCAN_MATCH(match)->source);
+ result = g_bytes_token_get_modifier_path(pattern, match->mod_path_index);
+ }
+
+ else
+ result = NULL;
+ */
+
+ return result;
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* IMPLEMENTATION DES FONCTIONS DE CLASSE */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à consulter. *
+* *
+* Description : Dénombre les correspondances enregistrées pour un motif. *
+* *
+* Retour : Quantité de correspondances établies. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static size_t g_scan_bytes_matches_count(const GScanBytesMatches *matches)
+{
+ size_t result; /* Quantité à retourner */
+
+ result = matches->count;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = définition de correspondance à manipuler. *
+* fd = canal d'écriture. *
+* *
+* Description : Affiche une correspondance au format texte. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_output_to_text(const GScanBytesMatches *matches, int fd)
+{
+ GScanMatches *base; /* Lien vers les infos de base */
+ GBinContent *content; /* Contenu binaire analysé */
+ const char *name; /* Désignation du motif ciblé */
+ match_area_t *iter; /* Boucle de parcours #1 */
+ char value[2 + ULLONG_MAXLEN]; /* Impression de la position */
+ int ret; /* Bilan d'une conversion */
+ vmpa2t pos; /* Tête de lecture */
+ phys_t len; /* Taille d'une correspondance */
+ const bin_t *data; /* Accès aux données brutes */
+ phys_t k; /* Boucle de parcours #2 */
+
+ base = G_SCAN_MATCHES(matches);
+
+ content = g_scan_context_get_content(base->context);
+
+ name = g_search_pattern_get_name(base->source);
+
+ for_each_match_area(iter, matches->areas)
+ {
+ /* Position dans le binaire (hexadécimal) */
+
+ ret = snprintf(value, ULLONG_MAXLEN, "0x%llx", (unsigned long long)iter->start);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!");
+ write(fd, "\"<error>\"", 9);
+ }
+
+ write(fd, ":", 1);
+
+ /* Affichage de la désignation */
+
+ write(fd, "$", 1);
+
+ /**
+ * Les fonctionnalités Yara d'origine autorisent les variables anonymes '$'.
+ *
+ * Cette absence de nom est supportée ici.
+ */
+
+ if (name != NULL)
+ write(fd, name, strlen(name));
+
+ write(fd, ": ", 2);
+
+ /* Affichage du contenu */
+
+ init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL);
+
+ len = iter->end - iter->start;
+
+ data = g_binary_content_get_raw_access(content, &pos, len);
+ assert(data != NULL);
+
+ for (k = 0; k < len; k++)
+ {
+ if (isprint(data[k]))
+ write(fd, &data[k], 1);
+
+ else
+ {
+ write(fd, "\\x", 2);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]);
+
+ if (ret > 0)
+ {
+ assert(ret == 2);
+ write(fd, value, ret);
+ }
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting data!");
+ write(fd, "??", 2);
+ }
+
+ }
+
+ }
+
+ write(fd, "\n", 1);
+
+ }
+
+ g_object_unref(G_OBJECT(content));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = définition de correspondance à manipuler. *
+* padding = éventuel bourrage initial à placer ou NULL. *
+* level = profondeur actuelle. *
+* fd = canal d'écriture. *
+* *
+* Description : Affiche une correspondance au format JSON. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_scan_bytes_matches_output_to_json(const GScanBytesMatches *matches, const sized_string_t *padding, unsigned int level, int fd)
+{
+ unsigned int i; /* Boucle de parcours #1 */
+ char value[4 + ULLONG_MAXLEN]; /* Impression de la position */
+ int ret; /* Bilan d'une conversion */
+ GScanMatches *base; /* Lien vers les infos de base */
+ GBinContent *content; /* Contenu binaire analysé */
+ match_area_t *iter; /* Boucle de parcours #1 */
+ vmpa2t pos; /* Tête de lecture */
+ phys_t len; /* Taille d'une correspondance */
+ const bin_t *data; /* Accès aux données brutes */
+ phys_t k; /* Boucle de parcours #2 */
+
+ /* Nombre de correspondances */
+
+ for (i = 0; i < level; i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"match_count\": ", 15);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "%zu", matches->count);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting value!");
+ write(fd, "null", 4);
+ }
+
+ write(fd, ",\n", 2);
+
+ /* Détail des correspondances */
+
+ for (i = 0; i < level; i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"matches\": [\n", 13);
+
+ base = G_SCAN_MATCHES(matches);
+
+ content = g_scan_context_get_content(base->context);
+
+ for_each_match_area(iter, matches->areas)
+ {
+ /* Marqueur de début */
+
+ for (i = 0; i < (level + 1); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "{\n", 2);
+
+ /* Position dans le binaire (décimal) */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"offset\": ", 10);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)iter->start);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting offset!");
+ write(fd, "null", 4);
+ }
+
+ write(fd, ",\n", 2);
+
+ /* Position dans le binaire (hexadécimal) */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"offset_hex\": ", 14);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)iter->start);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting offset to hex!");
+ write(fd, "null", 4);
+ }
+
+ write(fd, ",\n", 2);
+
+ /* Affichage du contenu brut */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"content\": \"", 12);
+
+ init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL);
+
+ len = iter->end - iter->start;
+
+ data = g_binary_content_get_raw_access(content, &pos, len);
+ assert(data != NULL);
+
+ for (k = 0; k < len; k++)
+ {
+ if (data[k] == '\\')
+ write(fd, "\\\\", 2);
+
+ else if (isprint(data[k]))
+ write(fd, &data[k], 1);
+
+ else
+ {
+ write(fd, "\\u", 2);
+
+ /**
+ * Cf. https://datatracker.ietf.org/doc/html/rfc8259#section-7
+ */
+ ret = snprintf(value, ULLONG_MAXLEN, "%04hhx", data[k]);
+
+ if (ret > 0)
+ {
+ assert(ret == 4);
+ write(fd, value, ret);
+ }
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting data!");
+ write(fd, "??", 2);
+ }
+
+ }
+
+ }
+
+ write(fd, "\",\n", 3);
+
+ /* Affichage du contenu en version humainement lisible */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"content_str\": \"", 16);
+
+ init_vmpa(&pos, iter->start, VMPA_NO_VIRTUAL);
+
+ data = g_binary_content_get_raw_access(content, &pos, len);
+ assert(data != NULL);
+
+ for (k = 0; k < len; k++)
+ {
+ if (data[k] == '\\')
+ write(fd, "\\\\", 2);
+
+ else if (isprint(data[k]))
+ write(fd, &data[k], 1);
+
+ else
+ {
+ write(fd, "\\\\x", 3);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "%02hhx", data[k]);
+
+ if (ret > 0)
+ {
+ assert(ret == 2);
+ write(fd, value, ret);
+ }
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting data!");
+ write(fd, "??", 2);
+ }
+
+ }
+
+ }
+
+ write(fd, "\",\n", 3);
+
+ /* Affichage du contenu brut */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"length\": ", 10);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "%llu", (unsigned long long)len);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting data!");
+ write(fd, "-1", 2);
+ }
+
+ write(fd, ",\n", 2);
+
+ /* Affichage du contenu brut (hexadécimal) */
+
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"length_hex\": ", 14);
+
+ ret = snprintf(value, ULLONG_MAXLEN, "\"0x%llx\"", (unsigned long long)len);
+
+ if (ret > 0)
+ write(fd, value, ret);
+
+ else
+ {
+ log_simple_message(LMT_EXT_ERROR, "Error while converting data!");
+ write(fd, "\"0xffffffffffffffff\"", 20);
+ }
+
+ write(fd, "\n", 1);
+
+ /* Marqueur de fin */
+
+ for (i = 0; i < (level + 1); i++)
+ write(fd, padding->data, padding->len);
+
+ if (is_last_match_area(iter, matches->areas))
+ write(fd, "}\n", 2);
+ else
+ write(fd, "},\n", 3);
+
+ }
+
+ g_object_unref(G_OBJECT(content));
+
+ for (i = 0; i < level; i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "]\n", 2);
+
+}
diff --git a/src/analysis/scan/matches/bytes.h b/src/analysis/scan/matches/bytes.h
new file mode 100644
index 0000000..90d6062
--- /dev/null
+++ b/src/analysis/scan/matches/bytes.h
@@ -0,0 +1,75 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * bytes.h - prototypes pour la sauvegarde de correspondances avec des suites d'octets identifiées
+ *
+ * Copyright (C) 2022 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ANALYSIS_SCAN_MATCHES_BYTES_H
+#define _ANALYSIS_SCAN_MATCHES_BYTES_H
+
+
+#include <glib-object.h>
+
+
+#include "area.h"
+#include "../context.h"
+#include "../matches.h"
+
+
+
+/* -------------------- CONSERVATION DE CORRESPONDANCES ETABLIES -------------------- */
+
+
+#define G_TYPE_SCAN_BYTES_MATCHES g_scan_bytes_matches_get_type()
+#define G_SCAN_BYTES_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatches))
+#define G_IS_SCAN_BYTES_MATCHES(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_SCAN_BYTES_MATCHES))
+#define G_SCAN_BYTES_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatchesClass))
+#define G_IS_SCAN_BYTES_MATCHES_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_SCAN_BYTES_MATCHES))
+#define G_SCAN_BYTES_MATCHES_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_SCAN_BYTES_MATCHES, GScanBytesMatchesClass))
+
+
+/* Correspondances trouvées avec des suite d'octets (instance) */
+typedef struct _GScanBytesMatches GScanBytesMatches;
+
+/* Correspondances trouvées avec des suite d'octets (classe) */
+typedef struct _GScanBytesMatchesClass GScanBytesMatchesClass;
+
+
+/* Indique le type défini pour une série de correspondances d'octets identifiées. */
+GType g_scan_bytes_matches_get_type(void);
+
+/* Crée un suivi pour série de correspondances avec des octets. */
+GScanMatches *g_scan_bytes_matches_new(void);
+
+/* Intègre une liste de correspondances vérifiées. */
+void g_scan_bytes_matches_set_list(GScanBytesMatches *, match_area_t *, size_t);
+
+/* Fournit les informations relatives à une correspondance. */
+const match_area_t *g_scan_bytes_matches_get(const GScanBytesMatches *, size_t);
+
+/* Indique la localisation d'une correspondance établie. */
+phys_t g_scan_bytes_matches_get_location(const GScanBytesMatches *, size_t, phys_t *, phys_t *);
+
+/* Retrouve l'origine d'une correspondance à partir d'un indice. */
+char *g_scan_bytes_matches_get_modifier_path(const GScanBytesMatches *);
+
+
+
+#endif /* _ANALYSIS_SCAN_MATCHES_BYTES_H */
diff --git a/src/analysis/scan/matches/pending.c b/src/analysis/scan/matches/pending.c
new file mode 100644
index 0000000..c653257
--- /dev/null
+++ b/src/analysis/scan/matches/pending.c
@@ -0,0 +1,677 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * pending.c - consolidation de correspondances partielles
+ *
+ * Copyright (C) 2023 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "pending.h"
+
+
+#include <malloc.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+#include "../../../common/sort.h"
+
+
+
+
+
+/* ------------------------- MEMORISATION D'UNE ZONE BORNEE ------------------------- */
+
+
+/* Compare deux couvertures bornées de correspondances. */
+static int compare_match_area(const match_area_t *, const match_area_t *);
+
+
+
+/* -------------------- CONSERVATION DE CORRESPONDANCES ETABLIES -------------------- */
+
+
+#define PENDING_ALLOC_SIZE 10
+
+
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* MEMORISATION D'UNE ZONE BORNEE */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : allocator = allocateur dédié à l'ensemble de zones. *
+* start = point de départ d'une nouvelle correspondance. *
+* length = taille de la zone couverte. *
+* *
+* Description : Crée une nouvelle structure de suivi de correspondance. *
+* *
+* Retour : Structure initialisée mise en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static match_area_t *create_match_area(GUMemCache *allocator, phys_t start, phys_t length)
+{
+ match_area_t *result; /* Zone à retourner */
+
+ result = g_umem_cache_alloc(allocator);
+
+ DL_LIST_ITEM_INIT(&result->link);
+
+ result->start = start;
+ result->end = start + length;
+
+ assert(matches->content_start <= result->start);
+ assert(result->end <= matches->content_end);
+
+ result->ttl = 1;
+
+ result->has_mod_path = false;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : allocator = allocateur dédié à l'ensemble de zones. *
+* start = point de départ d'une nouvelle correspondance. *
+* length = taille de la zone couverte. *
+* index = indice de construction pour le motif concerné. *
+* *
+* Description : Crée une nouvelle structure de suivi de correspondance. *
+* *
+* Retour : Structure initialisée mise en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static match_area_t *create_match_area_with_path(GUMemCache *allocator, phys_t start, phys_t length, size_t index)
+{
+ match_area_t *result; /* Zone à retourner */
+
+ result = g_umem_cache_alloc(allocator);
+
+ DL_LIST_ITEM_INIT(&result->link);
+
+ result->start = start;
+ result->end = start + length;
+
+ assert(matches->content_start <= result->start);
+ assert(result->end <= matches->content_end);
+
+ result->ttl = 1;
+
+ result->mod_path_index = index;
+ result->has_mod_path = true;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : area = zone de suivi à supprimer. *
+* allocator = allocateur dédié à l'ensemble de zones. *
+* *
+* Description : Supprime une structure de suivi de correspondance. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void delete_match_area(match_area_t *area, GUMemCache *allocator)
+{
+ // TODO : assert(alone)
+
+ g_umem_cache_free(allocator, area);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : a = pointeur vers la première zone à analyser. *
+* b = pointeur vers la seconde zone à analyser. *
+* *
+* Description : Compare deux couvertures bornées de correspondances. *
+* *
+* Retour : Bilan de la comparaison. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static int compare_match_area(const match_area_t *a, const match_area_t *b)
+{
+ int result; /* Bilan à renvoyer */
+
+ result = sort_unsigned_long_long(a->start, b->start);
+
+ if (result == 0)
+ result = sort_unsigned_long_long(a->end, b->end);
+
+ if (result == 0)
+ result = sort_unsigned_long_long(a->ttl, b->ttl);
+
+ if (result == 0)
+ result = sort_unsigned_long_long(a->has_mod_path, b->has_mod_path);
+
+ if (result == 0)
+ result = sort_unsigned_long_long(a->mod_path_index, b->mod_path_index);
+
+ return result;
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* CONSERVATION DE CORRESPONDANCES ETABLIES */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à initialiser. *
+* start = première position du contenu (souvent 0). *
+* end = position de fin du contenu. *
+* *
+* Description : Initialise une structure de consolidation de correspondances.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void init_pending_matches(pending_matches_t *matches, const phys_t *start, const phys_t *end)
+{
+ matches->content_start = *start;
+ matches->content_end = *end;
+
+ matches->allocator = NULL;
+ matches->areas = NULL;
+ matches->allocated = 0;
+ matches->used = 0;
+
+ matches->initialized = false;
+
+ matches->abort = false;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : dest = suivi de correspondances à initialiser. [OUT] *
+* src = suivi de correspondances à copier. *
+* *
+* Description : Copie une structure de consolidation de correspondances. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void copy_pending_matches(pending_matches_t *dest, const pending_matches_t *src)
+{
+ dest->content_start = src->content_start;
+ dest->content_end = src->content_end;
+
+ dest->areas = malloc(src->used * sizeof(match_area_t));
+ dest->allocated = src->used;
+ dest->used = src->used;
+
+ memcpy(dest->areas, src->areas, src->used * sizeof(match_area_t));
+
+ dest->initialized = src->initialized;
+
+ dest->abort = src->abort;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : dest = suivi de correspondances à initialiser. [OUT] *
+* src = suivi de correspondances à copier. *
+* *
+* Description : Fusionne une structure de consolidation avec une autre. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void merge_pending_matches(pending_matches_t *dest, const pending_matches_t *src)
+{
+ if ((dest->used + src->used) > dest->allocated)
+ {
+ dest->allocated += src->used;
+
+ dest->areas = realloc(dest->areas, dest->allocated * sizeof(match_area_t));
+
+ }
+
+ memcpy(&dest->areas[dest->used], src->areas, src->used * sizeof(match_area_t));
+
+ dest->used += src->used;
+
+ dest->initialized |= src->initialized;
+
+ dest->abort |= src->abort;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à purger. *
+* *
+* Description : Libère la mémoire utilisée par une consolidation. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void exit_pending_matches(pending_matches_t *matches)
+{
+ if (matches->areas != NULL)
+ free(matches->areas);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à consulter. *
+* *
+* Description : Dénombre les correspondances établies jusque là. *
+* *
+* Retour : Quantité de correspondances complètes jusqu'à présent. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+size_t count_pending_matches(const pending_matches_t *matches)
+{
+ size_t result; /* Quantité à renvoyer */
+
+ result = matches->used;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à consulter. *
+* count = nombre de correspondances en attente. [OUT] *
+* *
+* Description : Fournit la liste des correspondances établies à présent. *
+* *
+* Retour : Liste de correspondances en lecture seule. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+match_area_t * const *get_all_pending_matches(const pending_matches_t *matches, size_t *count)
+{
+ match_area_t * const *result; /* Série à renvoyer */
+
+ result = &matches->areas;
+
+ *count = matches->used;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à compléter. *
+* start = point de départ d'une nouvelle correspondance. *
+* length = taille de la zone couverte. *
+* *
+* Description : Ajoute au suivi la définition d'une nouvelle correspondance. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void add_pending_match(pending_matches_t *matches, phys_t start, phys_t length)
+{
+ match_area_t *area; /* Nouvelle zone à intégrer */
+
+ area = create_match_area(matches->allocator, start, length);
+
+ dl_list_add_tail(area, &matches->areas, match_area_t, link);
+ matches->used++;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à compléter. *
+* start = point de départ d'une nouvelle correspondance. *
+* length = taille de la zone couverte. *
+* index = indice de construction pour le motif concerné. *
+* *
+* Description : Ajoute au suivi la définition d'une nouvelle correspondance. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void add_pending_match_with_path(pending_matches_t *matches, phys_t start, phys_t length, size_t index)
+{
+ match_area_t *area; /* Nouvelle zone à intégrer */
+
+ area = create_match_area_with_path(matches->allocator, start, length, index);
+
+ dl_list_add_tail(area, &matches->areas, match_area_t, link);
+ matches->used++;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à compléter. *
+* target = indice de la zone de correspondance concernée. *
+* start = nouvelle position initiale de la zone couverte. *
+* *
+* Description : Etend une zone couverte dans le suivi des correspondances. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void extend_pending_match_beginning(pending_matches_t *matches, size_t target, phys_t start)
+{
+ match_area_t *area; /* Zone à actualiser */
+
+ assert(target < matches->used);
+
+ area = &matches->areas[target];
+
+ if (area->ttl == 0)
+ {
+ assert(matches->content_start <= start);
+
+ area->start = start;
+
+ area->ttl = 1;
+
+ }
+ else
+ {
+ assert(area->ttl == 1);
+
+ add_pending_match(matches, start, area->end - start);
+
+ }
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à compléter. *
+* target = indice de la zone de correspondance concernée. *
+* length = taille de la zone couverte supplémentaire. *
+* *
+* Description : Etend une zone couverte dans le suivi des correspondances. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void extend_pending_match_ending(pending_matches_t *matches, size_t target, phys_t end)
+{
+ match_area_t *area; /* Zone à actualiser */
+
+ assert(target < matches->used);
+
+ area = &matches->areas[target];
+
+ if (area->ttl == 0)
+ {
+ assert(end <= matches->content_end);
+
+ area->end = end;
+
+ area->ttl = 1;
+
+ }
+ else
+ {
+ assert(area->ttl == 1);
+
+ add_pending_match(matches, area->start, end - area->start);
+
+ }
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à modifier. *
+* *
+* Description : Réinitialisation à 0 tous les TTL de correspondances. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_pending_matches_ttl(pending_matches_t *matches)
+{
+ size_t i; /* Boucle de parcours */
+
+ assert(matches->initialized);
+
+ for (i = 0; i < matches->used; i++)
+ matches->areas[i].ttl = 0;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à modifier. *
+* *
+* Description : Retire toutes les correspondances sans issue pour l'analyse. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void purge_pending_matches(pending_matches_t *matches)
+{
+ match_area_t *del_start; /* Départ d'une zone morte */
+ match_area_t *del_end; /* Fin d'une zone morte */
+ size_t del_remaining; /* Nombre de valides ensuite */
+ size_t del_count; /* Nombre d'éléments à effacer */
+ size_t i; /* Boucle de parcours */
+
+ assert(matches->initialized);
+
+ /**
+ * Note : le code original était le suivant :
+ *
+
+ * for (i = matches->used; i > 0; i--)
+ * if (matches->areas[i - 1].ttl == 0)
+ * {
+ * memmove(&matches->areas[i - 1], &matches->areas[i], (matches->used - i) * sizeof(match_area_t));
+ * matches->used--;
+ * }
+ *
+ * Pour éviter les appels à memmove(), un déplacement par blocs est désormais visée.
+ */
+
+ del_start = NULL;
+ del_end = NULL;
+ del_count = 0;
+ del_remaining = 0;
+
+ /* Suppression en bloc si possible */
+
+ for (i = matches->used; i > 0; i--)
+ {
+ if (matches->areas[i - 1].ttl == 0)
+ {
+ del_start = &matches->areas[i - 1];
+
+ if (del_end == NULL)
+ {
+ del_end = del_start;
+ del_remaining = matches->used - i;
+ }
+
+ del_count++;
+
+ }
+ else
+ {
+ if (del_start != NULL)
+ {
+ assert(&matches->areas[i] == del_start);
+
+ if (del_remaining > 0)
+ memmove(del_start, del_end + 1, del_remaining * sizeof(match_area_t));
+
+ assert(matches->used > del_count);
+ matches->used -= del_count;
+
+ del_start = NULL;
+ del_end = NULL;
+ del_count = 0;
+ del_remaining = 0;
+
+ }
+
+ }
+
+ }
+
+ /* Dernier traitement au besoin */
+
+ if (del_start != NULL)
+ {
+ assert(&matches->areas[0] == del_start);
+
+ if (del_remaining > 0)
+ memmove(del_start, del_end + 1, del_remaining * sizeof(match_area_t));
+
+ assert(matches->used >= del_count);
+ matches->used -= del_count;
+
+ }
+
+ /* Bilan */
+
+ matches->abort = (matches->used == 0);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à finaliser. *
+* *
+* Description : Trie les correspondances et retire tous les doublons. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void sort_and_filter_pending_matches(pending_matches_t *matches)
+{
+ match_area_t *last; /* Dernière zone conservée */
+ size_t i; /* Boucle de parcours */
+ match_area_t *cur; /* Zone courante dans l'analyse*/
+
+ if (matches->used > 0)
+ {
+ qsort(matches->areas, matches->used, sizeof(match_area_t), (__compar_fn_t)compare_match_area);
+
+ last = &matches->areas[0];
+
+ for (i = 1; i < matches->used; i++)
+ {
+ cur = &matches->areas[i];
+
+ if (last->start != cur->start || last->end != cur->end)
+ {
+ if ((cur - last) > 1)
+ {
+ memmove(last + 1, cur, (matches->used - i) * sizeof(match_area_t));
+ matches->used -= (cur - last + 1);
+ }
+
+ last = cur;
+
+ }
+
+ }
+
+ cur = &matches->areas[matches->used - 1];
+
+ if (last != cur)
+ matches->used = last - matches->areas + 1;
+
+ }
+
+}
diff --git a/src/analysis/scan/matches/pending.h b/src/analysis/scan/matches/pending.h
new file mode 100644
index 0000000..e430ca1
--- /dev/null
+++ b/src/analysis/scan/matches/pending.h
@@ -0,0 +1,129 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * pending.h - prototypes pour la consolidation de correspondances partielles
+ *
+ * Copyright (C) 2023 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#if 0 //ndef _ANALYSIS_SCAN_MATCHES_PENDING_H
+#define _ANALYSIS_SCAN_MATCHES_PENDING_H
+
+
+#include <assert.h>
+#include <stdbool.h>
+
+
+#include "../../content.h"
+#include "../../../common/dllist.h"
+
+
+
+// TODO : move vers ByteMatch
+typedef int GUMemCache;
+
+
+
+/* Couverture d'une correspondance */
+typedef struct _match_area_t
+{
+ DL_LIST_ITEM(link); /* Lien vers les maillons */
+
+ phys_t start; /* Point de départ */
+ phys_t end; /* Point d'arrivée (exclus) */
+
+ unsigned long ttl; /* Durée de vie pour analyse */
+
+ size_t mod_path_index; /* Indice de construction */
+ bool has_mod_path; /* Validité du champ précédent */
+
+} match_area_t;
+
+/* Suivi de correspondances */
+typedef struct _pending_matches_t
+{
+ phys_t content_start; /* Point de début du contenu */
+ phys_t content_end; /* Point de fin du contenu */
+
+ GUMemCache *allocator; /* Allocateur pour zones */
+ match_area_t *areas; /* Zones couvertes */
+ size_t allocated; /* Nombre d'allocations */
+ size_t used; /* Nombre de zones */
+
+ bool initialized; /* Etat du suivi */
+
+ bool abort; /* Inutilité d'une poursuite */
+
+} pending_matches_t;
+
+
+/* Initialise une structure de consolidation de correspondances. */
+void init_pending_matches(pending_matches_t *, const phys_t *, const phys_t *);
+
+/* Copie une structure de consolidation de correspondances. */
+void copy_pending_matches(pending_matches_t *, const pending_matches_t *);
+
+/* Fusionner une structure de consolidation avec une autre. */
+void merge_pending_matches(pending_matches_t *, const pending_matches_t *);
+
+/* Libère la mémoire utilisée par une consolidation. */
+void exit_pending_matches(pending_matches_t *);
+
+// TODO ajouter un assert(used == 0) si !initialized */
+#define are_pending_matches_initialized(pm) pm->initialized
+
+#define set_pending_matches_initialized(pm) pm->initialized = true
+
+/* Dénombre les correspondances établies jusque là. */
+size_t count_pending_matches(const pending_matches_t *);
+
+/* Fournit la liste des correspondances établies à présent. */
+match_area_t * const *get_all_pending_matches(const pending_matches_t *, size_t *);
+
+/* Ajoute au suivi la définition d'une nouvelle correspondance. */
+void add_pending_match(pending_matches_t *, phys_t, phys_t);
+
+/* Ajoute au suivi la définition d'une nouvelle correspondance. */
+void add_pending_match_with_path(pending_matches_t *, phys_t, phys_t, size_t);
+
+/* Etend une zone couverte dans le suivi des correspondances. */
+void extend_pending_match_beginning(pending_matches_t *, size_t, phys_t);
+
+/* Etend une zone couverte dans le suivi des correspondances. */
+void extend_pending_match_ending(pending_matches_t *, size_t, phys_t);
+
+/* Réinitialisation à 0 tous les TTL de correspondances. */
+void reset_pending_matches_ttl(pending_matches_t *);
+
+#define keep_pending_match(p) \
+ do \
+ { \
+ assert(p->ttl == 0); \
+ p->ttl = 1; \
+ } \
+ while (0);
+
+/* Retire toutes les correspondances sans issue pour l'analyse. */
+void purge_pending_matches(pending_matches_t *);
+
+/* Trie les correspondances et retire tous les doublons. */
+void sort_and_filter_pending_matches(pending_matches_t *);
+
+
+
+#endif /* _ANALYSIS_SCAN_MATCHES_PENDING_H */
generated by cgit v0.11.2-87-g4458 at 2024-05-10 15:48:16 (GMT)