
Source Code for Package vivisect.vamp

"""
Vamp is a function/codeblock signaturing framework which is
a subcomponent of vivisect.  These may be used to import/export
signature sets and potentially identify code reuse or static
linking...

Current signature ideas:
    function arg count
    code block count
    globals refs
    code block refs
    unusual instruction use
    odd immediates
    import calls
    other signature calls
    certainty index
    Exception handling

    There will be function characteristics and code-block
    characteristics...

NOTE: Initial signature code consists entirely of the envi
bytesig module and byte/mask sets for known function signatures.
"""

class Signature:
    """
    A function/procedure signature.
    """
    pass

# Provides RTYPE_BASERELOC, used below
from vivisect.const import *

def genSigAndMask(vw, funcva):

    """
    Generate an envi bytesig signature and mask for the given
    function block.  This will properly mask off relocations
    if present.
    """

    fsize = 0

    # Figure out the size of the first linear chunk
    # in this function...
    cb = vw.getCodeBlock(funcva)
    while cb is not None:
        cbva, cbsize, cbfunc = cb
        if cbfunc != funcva:
            break
        fsize += cbsize
        cb = vw.getCodeBlock(cbva+cbsize)

    if fsize == 0:
        raise Exception("0 length function??!?1")

    bytes = vw.readMemory(funcva, fsize)

    # Byte literals and one-byte slices keep sig/mask as byte
    # strings on both Python 2 and Python 3
    sig = b""
    mask = b""
    i = 0
    while i < fsize:
        rtype = vw.getRelocation(funcva + i)
        if rtype is None:
            # Ordinary byte: keep it and require an exact match
            sig += bytes[i:i+1]
            mask += b"\xff"
            i += 1
        elif rtype == RTYPE_BASERELOC:
            # Relocated pointer: zero it in both sig and mask so
            # the load address does not affect matching
            x = b"\x00" * vw.psize
            sig += x
            mask += x
            i += vw.psize
        else:
            raise Exception("Unhandled Reloc Type: %d" % rtype)

    return sig,mask
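Why genSigAndMask zeroes relocated pointers, shown as an added stand-alone example (not part of vivisect): the same function linked at two image bases matches only when the relocated address bytes are masked out. The helper names, the 4-byte pointer size and the x86 sample bytes are constructed for illustration and are not vivisect or envi APIs.

```python
# Added illustration; every name here is hypothetical, not a vivisect API.
PSIZE = 4  # assumed pointer size (32-bit image)

def make_sig_and_mask(code, reloc_offsets, psize=PSIZE):
    """Build (sig, mask): 0xff mask bytes must match, 0x00 bytes are wildcards."""
    sig, mask = bytearray(), bytearray()
    i = 0
    while i < len(code):
        if i in reloc_offsets:
            # Relocated pointer: zero both sig and mask, as genSigAndMask does.
            sig += b"\x00" * psize
            mask += b"\x00" * psize
            i += psize
        else:
            sig.append(code[i])
            mask.append(0xFF)
            i += 1
    return bytes(sig), bytes(mask)

def sig_matches(sig, mask, data, offset=0):
    """True if data at offset equals sig on every byte the mask keeps."""
    window = data[offset:offset + len(sig)]
    if len(window) != len(sig):
        return False
    return all((b & m) == (s & m) for b, s, m in zip(window, sig, mask))

def find_sig(sig, mask, data):
    """Return every offset in data where the masked signature matches."""
    return [o for o in range(len(data) - len(sig) + 1)
            if sig_matches(sig, mask, data, o)]

def build_func(global_va):
    # Constructed x86: push ebp; mov ebp,esp; mov eax,[global_va]; pop ebp; ret
    return b"\x55\x8b\xec\xa1" + global_va.to_bytes(4, "little") + b"\x5d\xc3"

# The same function as linked at two different image bases (constructed data).
FUNC_A = build_func(0x00403000)
FUNC_B = build_func(0x10003000)
RELOCS = {4}  # offset of the 4-byte absolute address inside the function

SIG, MASK = make_sig_and_mask(FUNC_A, RELOCS)
EXACT_MASK = b"\xff" * len(FUNC_A)           # no relocation masking
TARGET = b"\x90" * 3 + FUNC_B + b"\xcc" * 2  # FUNC_B embedded at offset 3

if __name__ == "__main__":
    print("masked  :", find_sig(SIG, MASK, TARGET))
    print("unmasked:", find_sig(FUNC_A, EXACT_MASK, TARGET))
```
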