1 
7 #ifndef RETDEC_CPDETECT_CPTYPES_H
8 #define RETDEC_CPDETECT_CPTYPES_H
9 
10 #include <limits>
11 #include <vector>
12 
15 
16 namespace retdec {
17 namespace cpdetect {
18 
/// Exit / status codes of the compiler-and-packer detector.
/// OK is the first enumerator and therefore has the value 0.
/// NOTE(review): this rendering elides the enumerators between ARG and
/// UNKNOWN_CP (original lines 26-32); the list below is not exhaustive and
/// no switch written against it should assume it is.
enum class ReturnCode
{
 OK, ///< success
 ARG, ///< presumably an invalid argument was supplied - confirm in the caller that maps this to a message
 UNKNOWN_CP, ///< presumably: no compiler/packer could be identified (inferred from the name)
};
35 
/// Strategy used when looking a signature up in the signature database.
/// The numeric values are spelled out here; they are exactly the implicit
/// defaults (declaration order, starting at 0), so nothing that stores or
/// compares the underlying integer changes.
enum class SearchType
{
 EXACT_MATCH = 0, ///< only identical signatures
 MOST_SIMILAR = 1, ///< the most similar signature
 SIM_LIST = 2 ///< list of similar signatures
};
45 
/// Where a tool detection came from.
/// NOTE(review): this rendering elides the enumerators between SIGNATURE and
/// COMMENT_H (original lines 54-62), so the list below is incomplete.
/// The `_H` suffix presumably marks heuristic sources - confirm against
/// cptypes.cpp. Note that COMMENT_H, NOTE_H, MANIFEST_H and HEADER_H name
/// data read from the analysed file itself, which its author controls; a
/// detection from such a source is a claim made by the binary, not
/// independent evidence, and should be weighted by its DetectionStrength.
enum class DetectionMethod
{
 UNKNOWN, ///< unknown detection method
 COMBINED, ///< combination of methods
 SIGNATURE, ///< yara or slashed signature
 COMMENT_H, ///< presumably a comment section/record in the file
 NOTE_H, ///< presumably a note section in the file
 MANIFEST_H, ///< presumably an embedded manifest
 HEADER_H, ///< presumably file-format header fields
 YARA_RULE, ///< heuristic detection by a YARA rule
 OTHER_H ///< any other heuristic
};
70 
75 {
76  LOW,
77  MEDIUM,
78  HIGH,
79  SURE
80 };
81 
/// Category of a detected tool. The explicit values equal the implicit
/// defaults (declaration order from 0), so the underlying integers are
/// unchanged; UNKNOWN is deliberately the zero value.
enum class ToolType
{
 UNKNOWN = 0, ///< category could not be determined
 COMPILER = 1, ///< a compiler
 LINKER = 2, ///< a linker
 INSTALLER = 3, ///< an installer / self-extracting wrapper
 PACKER = 4, ///< a packer or protector
 OTHER = 5 ///< a known tool outside the categories above
};
94 
/// Graded verdict on whether the analysed file is packed. Declaration order
/// runs from "definitely not" to "definitely packed", so the underlying value
/// (spelled out below, identical to the implicit defaults) grows with the
/// likelihood of packing and the enumerators may be compared relationally.
enum class Packed
{
 NOT_PACKED = 0, ///< no indication of packing
 PROBABLY_NO = 1, ///< weak evidence against packing
 PROBABLY_YES = 2, ///< weak evidence for packing
 PACKED = 3 ///< packing confirmed
};
105 
110 {
112 
113  bool internal;
114  bool external;
115 
116  std::size_t epBytesCount;
117 
118  DetectParams(
119  SearchType searchType_,
120  bool internal_,
121  bool external_,
122  std::size_t epBytesCount_ = EP_BYTES_SIZE);
123 };
124 
129 {
131  std::string name;
132  std::string versionInfo;
133  std::string additionalInfo;
134 
136  unsigned long long impCount = 0;
138  unsigned long long agreeCount = 0;
139 
144 
145  bool isReliable() const;
146  bool isCompiler() const;
147  bool isLinker() const;
148  bool isInstaller() const;
149  bool isPacker() const;
150  bool isKnownType() const;
151  bool isUnknownType() const;
152 };
153 
158 {
159  bool bytecode = false;
160 
161  std::string name;
162  std::string additionalInfo;
163 };
164 
177 {
179  std::vector<std::string> errorMessages;
181  std::vector<DetectResult> detectedTools;
183  std::vector<DetectLanguage> detectedLanguages;
184 
186  bool entryPointOffset = false;
188  long long unsigned int epOffset =
189  std::numeric_limits<long long unsigned int>::max();
190 
192  bool entryPointAddress = false;
194  long long unsigned int epAddress =
195  std::numeric_limits<long long unsigned int>::max();
197  long long unsigned int imageBase =
198  std::numeric_limits<long long unsigned int>::max();
199 
201  uint64_t overlayOffset = 0;
203  size_t overlaySize = 0;
204 
206  bool entryPointSection = false;
210  std::string epBytes;
211 
214  void addTool(
215  DetectionMethod source,
216  DetectionStrength strength,
217  ToolType toolType,
218  const std::string &name,
219  const std::string &version = "",
220  const std::string &extra = "");
221  void addTool(
222  std::size_t matchNibbles,
223  std::size_t totalNibbles,
224  ToolType toolType,
225  const std::string &name,
226  const std::string &version = "",
227  const std::string &extra = "");
228  void addLanguage(
229  const std::string &name,
230  const std::string &extra = "",
231  bool bytecode = false);
233 
236  bool isReliableResult(std::size_t resultIndex) const;
237  bool hasReliableResult() const;
238  Packed isPacked() const;
240 };
241 
246 {
247  unsigned long long same = 0;
248  unsigned long long total = 0;
249  double ratio = 0.0;
250 };
251 
/// String form of a DetectionMethod. The misspelling "Metod" is part of the
/// public API; renaming it would break every caller, so it is kept as is.
std::string detectionMetodToString(DetectionMethod method);
/// String form of a ToolType.
std::string toolTypeToString(ToolType toolType);
/// String form of a Packed verdict.
std::string packedToString(Packed packed);
255 
256 } // namespace cpdetect
257 } // namespace retdec
258 
259 #endif