retdec
Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Attributes | List of all members
retdec::unpackertool::upx::UpxStubSignatures Class Reference

#include <upx_stub_signatures.h>

Collaboration diagram for retdec::unpackertool::upx::UpxStubSignatures:
Collaboration graph
[legend]

Public Member Functions

 UpxStubSignatures ()=delete
 
 UpxStubSignatures (const UpxStubSignatures &)=delete
 

Static Public Member Functions

static const UpxStubDatamatchSignatures (retdec::loader::Image *file, DynamicBuffer &captureData)
 
static const UpxStubDatamatchSignatures (const DynamicBuffer &data, DynamicBuffer &captureData, retdec::fileformat::Architecture architecture=retdec::fileformat::Architecture::UNKNOWN, retdec::fileformat::Format format=retdec::fileformat::Format::UNKNOWN)
 

Private Member Functions

UpxStubSignaturesoperator= (const UpxStubSignatures &)
 

Static Private Attributes

static std::vector< UpxStubDataallStubs
 All supported unpacking stubs. More...
 

Detailed Description

Static class that is used to match the all supported unpacking stub signatures against the input packed file.

To add new UPX signature follow these steps:

  1. Create signature in upx_stub_signature.cpp in the right section according to comments or create your own section if it is not present.
    Signature archFormatVersionSignature =
    {
    0x00, 0x01, 0x02, ANY, CAP
    };
    #define CAP
    Definition: signature.h:28
    #define ANY
    Definition: signature.h:23
  2. Add signature into allStubs. Provide right retdec::fileformat::Architecture, retdec::fileformat::FileFormat and retdec::unpacker::upx::UpxStubVersion. PE signature also require their whole size to be provided. ELF does not require this. If you signature is located at the variable offset from entry point, you also need to provide maximum search distance. See UpxStubData for further details.

Make sure your signature provide all required data according to implementation of UpxStub::detectVersion for specific file format. Check these methods first to see what kind of data your signature need to capture.

Constructor & Destructor Documentation

◆ UpxStubSignatures() [1/2]

retdec::unpackertool::upx::UpxStubSignatures::UpxStubSignatures ( )
delete

◆ UpxStubSignatures() [2/2]

retdec::unpackertool::upx::UpxStubSignatures::UpxStubSignatures ( const UpxStubSignatures )
delete

Member Function Documentation

◆ matchSignatures() [1/2]

const UpxStubData * retdec::unpackertool::upx::UpxStubSignatures::matchSignatures ( const DynamicBuffer data,
DynamicBuffer captureData,
retdec::fileformat::Architecture  architecture = retdec::fileformat::Architecture::UNKNOWN,
retdec::fileformat::Format  format = retdec::fileformat::Format::UNKNOWN 
)
static

Matches all supported signatures against the data buffer from its beginning. In the case of non-matched signature with searchDistance greather than 0, the searching of the signature is performed up to searchDistance from the its beginning.

Parameters
dataThe input data buffer.
captureDataData to capture from the signature.
architectureArchitecture of the file, if any.
formatFile format of the file, if any.
Returns
Pointer to valid UpxStubData structure containg all data about the unpacking stub in case of successful match, otherwise nullptr.

◆ matchSignatures() [2/2]

const UpxStubData * retdec::unpackertool::upx::UpxStubSignatures::matchSignatures ( retdec::loader::Image file,
DynamicBuffer captureData 
)
static

Matches all supported signatures against the input packed file at its entry point. In the case of non-matched signature with searchDistance greather than 0, the searching of the signature is performed up to searchDistance from the entry point.

Parameters
fileThe input packed file.
captureDataData to capture from the signature.
Returns
Pointer to valid UpxStubData structure containg all data about the unpacking stub in case of successful match, otherwise nullptr.

◆ operator=()

UpxStubSignatures& retdec::unpackertool::upx::UpxStubSignatures::operator= ( const UpxStubSignatures )
private

Member Data Documentation

◆ allStubs

std::vector< UpxStubData > retdec::unpackertool::upx::UpxStubSignatures::allStubs
staticprivate

All supported unpacking stubs.


The documentation for this class was generated from the following files: