This class contains the logic to perform crypto identification. Two techniques are currently supported:
1. A heuristic approach that identifies functions and basic blocks based on the ratio of arithmetic/logic instructions to all instructions.
2. A signature-based approach, using the signatures defined in PatternManager.

- Scan with the arithmetic/logic heuristic.
- Update all six threshold bounds.
- Get all blocks that are within the limits specified by the heuristic parameters. Parameters are the same as in function "update_thresholds", except for is_nonzero (boolean), which defines whether zeroing instructions (like xor eax, eax) shall be counted or not.
- Returns the number of basic blocks that have been analyzed.
- Returns the raw bytes of the segments as stored by IDA.
- Perform a scan for signatures. For matching, the standard Python re module is used.
- Returns the length of a signature, identified by its name.
- Get all references to a certain address. These are not xrefs in the IDA sense but references to the crypto signatures. If the signature points to an instruction, e.g. if a constant is moved to a register, the return is flagged as "True", meaning it is an in-code reference.
- Get all signature hits that have a length of at least match_filter_factor percent of the signature they triggered. Hits are grouped by signature names.
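The arithmetic/logic heuristic and the is_nonzero switch described above, sketched as an added example that is not the project's own code and does not use the IDA API. Assumptions: blocks are plain lists of (mnemonic, operands) tuples, the six bounds are modelled as three low/high pairs (ratio, block size, call count) because the page does not name them, and is_nonzero=True is taken to mean that zeroing instructions are not counted.

```python
# Added illustration, not the project's code: names and default bounds are assumptions.
ARITHLOG = {"add", "adc", "sub", "sbb", "mul", "imul", "div", "idiv", "inc",
            "dec", "neg", "not", "and", "or", "xor", "shl", "shr", "sal",
            "sar", "rol", "ror", "rcl", "rcr"}

def is_zeroing(mnem, ops):
    """xor r, r / sub r, r only clear a register and say nothing about crypto."""
    return mnem in ("xor", "sub") and len(ops) == 2 and ops[0] == ops[1]

def rate_block(instructions, is_nonzero=True):
    """Ratio of arithmetic/logic instructions to all instructions in one block."""
    if not instructions:
        return 0.0
    hits = sum(1 for mnem, ops in instructions
               if mnem in ARITHLOG and not (is_nonzero and is_zeroing(mnem, ops)))
    return hits / len(instructions)

def get_blocks(blocks, ratio=(0.4, 1.0), size=(8, 100), calls=(0, 1),
               is_nonzero=True):
    """Return (address, ratio) for blocks inside all three low/high ranges."""
    result = []
    for addr, instructions in sorted(blocks.items()):
        n_calls = sum(1 for mnem, _ in instructions if mnem == "call")
        score = rate_block(instructions, is_nonzero)
        if (ratio[0] <= score <= ratio[1]
                and size[0] <= len(instructions) <= size[1]
                and calls[0] <= n_calls <= calls[1]):
            result.append((addr, score))
    return result

# Constructed sample: a cipher-round-like block and a register-clearing call setup.
SAMPLE = {
    0x1000: [("mov", ("eax", "[esi]")), ("xor", ("eax", "ebx")),
             ("rol", ("eax", "7")), ("add", ("eax", "ecx")),
             ("xor", ("edx", "eax")), ("shr", ("edx", "3")),
             ("and", ("edx", "0xff")), ("or", ("ebx", "edx")),
             ("mov", ("[edi]", "ebx")), ("add", ("esi", "4"))],
    0x2000: [("xor", ("eax", "eax")), ("xor", ("ecx", "ecx")),
             ("xor", ("edx", "edx")), ("xor", ("ebx", "ebx")),
             ("mov", ("[ebp-4]", "eax")), ("mov", ("esi", "[ebp+8]")),
             ("push", ("esi",)), ("call", ("sub_3000",))],
}

if __name__ == "__main__":
    print(get_blocks(SAMPLE, is_nonzero=True))   # zeroing ignored
    print(get_blocks(SAMPLE, is_nonzero=False))  # zeroing counted
```

With zeroing instructions counted, the block at 0x2000 reaches a ratio of 0.5 purely from register clearing and is reported as a false positive; ignoring them leaves only the round-like block.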
Generated by Epydoc 3.0.1 on Mon Sep 17 13:18:34 2012 | http://epydoc.sourceforge.net |