#include <pe_heuristics.h>
|
|
virtual void | getFormatSpecificCompilerHeuristics () override |
|
virtual void | getFormatSpecificLanguageHeuristics () override |
|
std::string | getUpxVersion () |
|
const DetectResult * | isDetected (const std::string &name, const DetectionStrength minStrength=DetectionStrength::LOW) |
|
void | addCompiler (DetectionMethod source, DetectionStrength strength, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addLinker (DetectionMethod source, DetectionStrength strength, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addInstaller (DetectionMethod source, DetectionStrength strength, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addPacker (DetectionMethod source, DetectionStrength strength, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addCompiler (std::size_t matchNibbles, std::size_t totalNibbles, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addPacker (std::size_t matchNibbles, std::size_t totalNibbles, const std::string &name, const std::string &version="", const std::string &extra="") |
|
void | addLanguage (const std::string &name, const std::string &extraInfo="", bool isBytecode=false) |
|
void | addPriorityLanguage (const std::string &name, const std::string &extraInfo="", bool isBytecode=false) |
|
std::size_t | findSectionName (const std::string &sectionName) const |
|
std::size_t | findSectionNameStart (const std::string &sectionName) const |
|
◆ PeHeuristics()
◆ checkSecuROMSignature()
bool retdec::cpdetect::PeHeuristics::checkSecuROMSignature |
( |
const char * |
fileData, |
|
|
const char * |
fileDataEnd, |
|
|
uint32_t |
FileOffset |
|
) |
| |
|
private |
◆ getActiveDeliveryHeuristics()
void retdec::cpdetect::PeHeuristics::getActiveDeliveryHeuristics |
( |
| ) |
|
|
private |
Try to detect Active Delivery
◆ getActiveMarkHeuristics()
void retdec::cpdetect::PeHeuristics::getActiveMarkHeuristics |
( |
| ) |
|
|
private |
Detection of ActiveMark packer
◆ getAdeptProtectorHeuristics()
void retdec::cpdetect::PeHeuristics::getAdeptProtectorHeuristics |
( |
| ) |
|
|
private |
Try to detect Adept Protector
◆ getAndpakkHeuristics()
void retdec::cpdetect::PeHeuristics::getAndpakkHeuristics |
( |
| ) |
|
|
private |
Try to detect ANDpakk packer
◆ getArmadilloHeuristic()
void retdec::cpdetect::PeHeuristics::getArmadilloHeuristic |
( |
| ) |
|
|
private |
Try to detect Armadillo packer
◆ getAutoItHeuristics()
void retdec::cpdetect::PeHeuristics::getAutoItHeuristics |
( |
| ) |
|
|
private |
Try to detect AutoIt programming language
◆ getBeRoHeuristics()
void retdec::cpdetect::PeHeuristics::getBeRoHeuristics |
( |
| ) |
|
|
private |
Try to detect BeRo Tiny Pascal
◆ getBorlandDelphiHeuristics()
void retdec::cpdetect::PeHeuristics::getBorlandDelphiHeuristics |
( |
| ) |
|
|
private |
Try to detect Borland Delphi
◆ getCodeLockHeuristics()
void retdec::cpdetect::PeHeuristics::getCodeLockHeuristics |
( |
| ) |
|
|
private |
◆ getDotNetHeuristics()
void retdec::cpdetect::PeHeuristics::getDotNetHeuristics |
( |
| ) |
|
|
private |
◆ getEnigmaHeuristics()
void retdec::cpdetect::PeHeuristics::getEnigmaHeuristics |
( |
| ) |
|
|
private |
Try to detect ENIGMA protector
◆ getEnigmaVersion()
std::string retdec::cpdetect::PeHeuristics::getEnigmaVersion |
( |
| ) |
|
|
private |
Try to detect the version of the Enigma protector
- Returns
- Detected version of Enigma or empty string if version is not detected
◆ getExcelsiorHeuristics()
void retdec::cpdetect::PeHeuristics::getExcelsiorHeuristics |
( |
| ) |
|
|
private |
Try to detect Excelsior Installer
◆ getEzirizReactorHeuristics()
void retdec::cpdetect::PeHeuristics::getEzirizReactorHeuristics |
( |
| ) |
|
|
private |
Try to detect Eziriz .NET Reactor packer
◆ getFormatSpecificCompilerHeuristics()
void retdec::cpdetect::PeHeuristics::getFormatSpecificCompilerHeuristics |
( |
| ) |
|
|
override protected virtual |
◆ getFormatSpecificLanguageHeuristics()
void retdec::cpdetect::PeHeuristics::getFormatSpecificLanguageHeuristics |
( |
| ) |
|
|
override protected virtual |
◆ getFsgHeuristics()
void retdec::cpdetect::PeHeuristics::getFsgHeuristics |
( |
| ) |
|
|
private |
Try to detect FSG packer based on heuristics
◆ getGoHeuristics()
void retdec::cpdetect::PeHeuristics::getGoHeuristics |
( |
| ) |
|
|
private |
Try to detect Go language binaries
◆ getHeaderStyleHeuristics()
void retdec::cpdetect::PeHeuristics::getHeaderStyleHeuristics |
( |
| ) |
|
|
private |
◆ getInt32Unaligned()
std::int32_t retdec::cpdetect::PeHeuristics::getInt32Unaligned |
( |
const std::uint8_t * |
codePtr | ) |
|
|
private |
◆ getLinkerVersionHeuristic()
void retdec::cpdetect::PeHeuristics::getLinkerVersionHeuristic |
( |
| ) |
|
|
private |
Try to detect compiler by linker version
◆ getManifestHeuristic()
void retdec::cpdetect::PeHeuristics::getManifestHeuristic |
( |
| ) |
|
|
private |
Search manifest for possible tool clues
◆ getMewSectionHeuristics()
void retdec::cpdetect::PeHeuristics::getMewSectionHeuristics |
( |
| ) |
|
|
private |
◆ getMorphineHeuristics()
void retdec::cpdetect::PeHeuristics::getMorphineHeuristics |
( |
| ) |
|
|
private |
Try to detect Morphine encryptor
◆ getMPRMMGVAHeuristics()
void retdec::cpdetect::PeHeuristics::getMPRMMGVAHeuristics |
( |
| ) |
|
|
private |
Detection of MPRMMGVA packer
◆ getMsvcIntelHeuristics()
void retdec::cpdetect::PeHeuristics::getMsvcIntelHeuristics |
( |
| ) |
|
|
private |
Try to detect Microsoft Visual C++ compiler or Intel XE compiler
◆ getNetHeuristic()
void retdec::cpdetect::PeHeuristics::getNetHeuristic |
( |
| ) |
|
|
private |
Try to detect various .NET tools
◆ getNsPackSectionHeuristics()
void retdec::cpdetect::PeHeuristics::getNsPackSectionHeuristics |
( |
| ) |
|
|
private |
Try to detect NsPack packer
◆ getNullsoftHeuristic()
void retdec::cpdetect::PeHeuristics::getNullsoftHeuristic |
( |
| ) |
|
|
private |
◆ getPeCompactHeuristics()
void retdec::cpdetect::PeHeuristics::getPeCompactHeuristics |
( |
| ) |
|
|
private |
Try to detect PECompact based on heuristics
◆ getPelockHeuristics()
void retdec::cpdetect::PeHeuristics::getPelockHeuristics |
( |
| ) |
|
|
private |
Try to detect PELock packer
◆ getPeSectionHeuristics()
void retdec::cpdetect::PeHeuristics::getPeSectionHeuristics |
( |
| ) |
|
|
private |
Detect tools by specific section names
◆ getPetiteHeuristics()
void retdec::cpdetect::PeHeuristics::getPetiteHeuristics |
( |
| ) |
|
|
private |
Detection of Petite packer
◆ getRdataHeuristic()
void retdec::cpdetect::PeHeuristics::getRdataHeuristic |
( |
| ) |
|
|
private |
Various PE specific .rdata section heuristics
◆ getRLPackHeuristics()
void retdec::cpdetect::PeHeuristics::getRLPackHeuristics |
( |
| ) |
|
|
private |
Detection of RLPack packer
◆ getSafeDiscHeuristics()
void retdec::cpdetect::PeHeuristics::getSafeDiscHeuristics |
( |
| ) |
|
|
private |
Try to detect SafeDisc (from ntdll!LdrpCheckForSafeDiscImage)
◆ getSecuROMHeuristics()
void retdec::cpdetect::PeHeuristics::getSecuROMHeuristics |
( |
| ) |
|
|
private |
Try to detect SecuROM protection (from ntdll!LdrpCheckForSecuROMImage)
◆ getSevenZipHeuristics()
void retdec::cpdetect::PeHeuristics::getSevenZipHeuristics |
( |
| ) |
|
|
private |
◆ getSlashedSignatures()
void retdec::cpdetect::PeHeuristics::getSlashedSignatures |
( |
| ) |
|
|
private |
Try to detect used compiler or packer based on slashed signatures
◆ getStarforceHeuristic()
void retdec::cpdetect::PeHeuristics::getStarforceHeuristic |
( |
| ) |
|
|
private |
Try to detect StarForce packer
◆ getStarForceHeuristics()
void retdec::cpdetect::PeHeuristics::getStarForceHeuristics |
( |
| ) |
|
|
private |
Try to detect StarForce protection
◆ getUpxAdditionalInfo()
std::string retdec::cpdetect::PeHeuristics::getUpxAdditionalInfo |
( |
std::size_t |
metadataPos | ) |
|
|
private |
Try to detect additional information about the UPX packer
- Returns
- Additional information
Each piece of information is enclosed in square brackets; the bracketed items are separated by a space.
◆ getUpxHeuristics()
void retdec::cpdetect::PeHeuristics::getUpxHeuristics |
( |
| ) |
|
|
private |
Try to detect UPX (Ultimate packer for executables)
◆ getVBoxHeuristics()
void retdec::cpdetect::PeHeuristics::getVBoxHeuristics |
( |
| ) |
|
|
private |
◆ getVisualBasicHeuristics()
void retdec::cpdetect::PeHeuristics::getVisualBasicHeuristics |
( |
| ) |
|
|
private |
Try to detect Visual Basic
◆ getVmProtectHeuristics()
void retdec::cpdetect::PeHeuristics::getVmProtectHeuristics |
( |
| ) |
|
|
private |
◆ skip_NOP_JMP8_JMP32()
const std::uint8_t * retdec::cpdetect::PeHeuristics::skip_NOP_JMP8_JMP32 |
( |
const std::uint8_t * |
codeBegin, |
|
|
const std::uint8_t * |
codePtr, |
|
|
const std::uint8_t * |
codeEnd, |
|
|
std::size_t |
maxCount |
|
) |
| |
|
private |
Parses the code, follows NOPs or JMPs
◆ declaredLength
std::size_t retdec::cpdetect::PeHeuristics::declaredLength |
|
private |
◆ loadedLength
std::size_t retdec::cpdetect::PeHeuristics::loadedLength |
|
private |
actual loaded length of file
◆ peParser
The documentation for this class was generated from the following files:
- /var/cache/acbs/build/acbs.6bu6osb6/retdec/include/retdec/cpdetect/heuristics/pe_heuristics.h
- /var/cache/acbs/build/acbs.6bu6osb6/retdec/src/cpdetect/heuristics/pe_heuristics.cpp