retdec
signature.h
Go to the documentation of this file.
1 
7 #ifndef RETDEC_CPDETECT_SIGNATURE_H
8 #define RETDEC_CPDETECT_SIGNATURE_H
9 
10 #include <string>
11 
12 namespace retdec {
13 namespace cpdetect {
14 
15 /*
16 
17 Signature for description of used compiler or packer
18 
19 NEW AVG SIGNATURE FORMAT USED IN THIS PROGRAM
20 0 (A)
21 0 (B)
22 "FCB8------??B9--------81F9--------750681C1270000003001C1C0034181F9--??----75E4;" (C)
23 
24 Parts:
25  A - start distance of search (decimal) from EP
26  B - end distance of search (decimal) from EP
27  C - pattern
28 
29 Note:
30  A and B are 0, it means that pattern can be only on the first position.
31  If A and B are UINT_MAX, it means that pattern placement is unspecified.
32 
33  Patterns are in little endian, semicolon at end of pattern is optional.
34 
35 PATTERN FORMAT:
36  FF -> one byte value
37  -- -> one variable byte
38  8- -> variable nibble
39 
40  ? -> equal to -
41 
42  / -> unconditional jump
43  - the first byte on slash position must be EB or E9 (on x86)
44  - the first byte (after EB) or the first 4 bytes (after E9) tells
45  us how many bytes we must skip (this number is signed)
46  - next part of the pattern we compare after skipped bytes
47  - examples of agreement:
48  pattern: "/EB--536861726577617265202D20;"
49  file: EB03------EB--536861726577617265202D20
50  xx ---> * skip here
51  pattern: "/EB--536861726577617265202D20;"
52  file: EB02----EB--536861726577617265202D20
53  xx -> * skip here
54  pattern: "/536861726577617265202D20;"
55  file: E903000000------536861726577617265202D20
56  xx ---------> * skip here
57 */
58 class Signature
59 {
60  public:
61  std::string name;
62  std::string version;
63  std::string pattern;
64  std::string additional;
65  unsigned startOffset = 0;
66  unsigned endOffset = 0;
67 
68  Signature(
69  std::string sName,
70  std::string sVersion,
71  std::string sPattern,
72  std::string sAdditional = "",
73  unsigned sStart = 0,
74  unsigned sEnd = 0
75  );
76 
77  static bool isValidSignaturePattern(const std::string& pattern);
78 };
79 
80 } // namespace cpdetect
81 } // namespace retdec
82 
83 #endif
Definition: signature.h:59
std::string name
name of used tool
Definition: signature.h:61
std::string version
version of used tool
Definition: signature.h:62
unsigned startOffset
start offset of pattern
Definition: signature.h:65
unsigned endOffset
end offset of pattern
Definition: signature.h:66
std::string additional
additional information about tool
Definition: signature.h:64
Signature(std::string sName, std::string sVersion, std::string sPattern, std::string sAdditional="", unsigned sStart=0, unsigned sEnd=0)
Definition: signature.cpp:22
static bool isValidSignaturePattern(const std::string &pattern)
Definition: signature.cpp:39
std::string pattern
signature pattern
Definition: signature.h:63
Definition: archive_wrapper.h:19