A manager for generating Signatures/features on function data-flow and control-flow. More...
#include <signature.hh>
Public Types | |
| enum | Mods { SIG_COLLAPSE_SIZE = 0x1 , SIG_COLLAPSE_INDNOISE = 0x2 , SIG_DONOTUSE_CONST = 0x10 , SIG_DONOTUSE_INPUT = 0x20 , SIG_DONOTUSE_PERSIST = 0x40 } |
| Signature generation settings. More... | |
Public Member Functions | |
| virtual void | clear (void) |
| Clear all current Signature/feature resources. | |
| GraphSigManager (void) | |
| Constructor. | |
| virtual | ~GraphSigManager (void) |
| Destructor. | |
| void | setMaxIteration (int4 val) |
| Override the default iterations used for Varnode features. | |
| void | setMaxBlockIteration (int4 val) |
| Override the default iterations used for block features. | |
| void | setMaxVarnode (int4 val) |
| Set a maximum threshold for Varnodes in a function. | |
| virtual void | initializeFromStream (istream &s) |
| Read configuration information from a character stream. | |
| virtual void | setCurrentFunction (const Funcdata *f) |
| Set the function used for (future) feature generation. | |
| virtual void | generate (void) |
| Generate all features for the current function. | |
 Public Member Functions inherited from ghidra::SigManager | |
| SigManager (void) | |
| Constructor. | |
| virtual | ~SigManager (void) |
| Destructor. | |
| int4 | numSignatures (void) const |
| Get the number of features currently generated. | |
| Signature * | getSignature (int4 i) const |
| Get the i-th Signature/feature. | |
| void | getSignatureVector (vector< uint4 > &feature) const |
| Get the feature vector as a simple array of hashes. | |
| hashword | getOverallHash (void) const |
| Combine all feature hashes into one overall hash. | |
| void | sortByHash (void) |
| Sort all current features. | |
| void | print (ostream &s) const |
| Print a brief description of all current features to a stream. | |
| void | encode (Encoder &encoder) const |
| Encode all current features to the given stream. | |
Static Public Member Functions | |
| static bool | testSettings (uint4 val) |
| Test for valid signature generation settings. | |
| Static Public Member Functions inherited from ghidra::SigManager | |
| static uint4 | getSettings (void) |
| Get the settings currently being used for signature generation. | |
| static void | setSettings (uint4 newvalue) |
| Establish settings to use for future signature generation. | |
Private Member Functions | |
| void | signatureIterate (void) |
| Do one iteration of hashing on the SignatureEntrys. | |
| void | signatureBlockIterate (void) |
| Do one iteration of hashing on the BlockSignatureEntrys. | |
| void | collectVarnodeSigs (void) |
| Generate the final feature for each Varnode from its SignatureEntry overlay. | |
| void | collectBlockSigs (void) |
| Generate the final feature(s) for each basic block from its BlockSignatureEntry overlay. | |
| void | varnodeClear (void) |
| Clear all SignatureEntry overlay objects. | |
| void | blockClear (void) |
| Clear all BlockSignatureEntry overlay objects. | |
| void | initializeBlocks (void) |
| Initialize BlockSignatureEntry overlays for the current function. | |
| void | flipVarnodes (void) |
| Store off current Varnode hash values as previous hash values. | |
| void | flipBlocks (void) |
| Store off current block hash values as previous hash values. | |
Private Attributes | |
| uint4 | sigmods |
| Current settings to use for signature generation. | |
| int4 | maxiter |
| Maximum number of iterations across data-flow graph. | |
| int4 | maxblockiter |
| Maximum number of block iterations. | |
| int4 | maxvarnode |
| Maximum number of Varnodes to signature. | |
| map< int4, SignatureEntry * > | sigmap |
| Map from Varnode to SignatureEntry overlay. | |
| map< int4, BlockSignatureEntry * > | blockmap |
| Map from basic block to BlockSignatureEntry overlay. | |
Additional Inherited Members | |
| Protected Member Functions inherited from ghidra::SigManager | |
| void | addSignature (Signature *sig) |
| Add a new feature to the manager. | |
| Protected Attributes inherited from ghidra::SigManager | |
| const Funcdata * | fd |
| Current function off of which we are generating features. | |
Detailed Description
A manager for generating Signatures/features on function data-flow and control-flow.
Features are extracted from the data-flow and control-flow graphs of the function. The different feature types produced by this manager are:
Member Enumeration Documentation
◆ Mods
Signature generation settings.
Member Function Documentation
◆ clear()
|
virtual |
Clear all current Signature/feature resources.
Clear all resources consumed by the manager, including Signature objects and other resources used for generating features. The manager is ready for another round of signature generation.
Reimplemented from ghidra::SigManager.
References blockClear(), ghidra::SigManager::clear(), and varnodeClear().
◆ collectBlockSigs()
|
private |
Generate the final feature(s) for each basic block from its BlockSignatureEntry overlay.
For each basic block, we scan for operations that represent the roots of expressions: CALL, CALLIND, CALLOTHER, STORE, CBRANCH, BRANCHIND, and RETURN. These are taken in sequence, as overlapping pairs, generating cross-expression features. If there are stand-alone COPYs in the basic block, these are combined into a single feature that is invariant under reordering of the COPYs. Finally a feature is generated that contains pure control-flow information about the basic block.
References ghidra::SigManager::addSignature(), ghidra::BlockBasic::beginOp(), blockmap, ghidra::PcodeOp::code(), ghidra::CPUI_BRANCHIND, ghidra::CPUI_CALL, ghidra::CPUI_CALLIND, ghidra::CPUI_CALLOTHER, ghidra::CPUI_CBRANCH, ghidra::CPUI_COPY, ghidra::CPUI_INDIRECT, ghidra::CPUI_RETURN, ghidra::CPUI_STORE, ghidra::BlockBasic::endOp(), ghidra::BlockSignatureEntry::getBlock(), ghidra::SignatureEntry::getHash(), ghidra::BlockSignatureEntry::getHash(), ghidra::PcodeOp::getIn(), ghidra::PcodeOp::getOut(), ghidra::Varnode::hasNoDescend(), ghidra::SignatureEntry::isNotEmitted(), ghidra::SignatureEntry::isStandaloneCopy(), ghidra::SignatureEntry::mapToEntry(), ghidra::SignatureEntry::mapToEntryCollapse(), ghidra::PcodeOp::numInput(), and sigmap.
Referenced by generate().
◆ collectVarnodeSigs()
|
private |
Generate the final feature for each Varnode from its SignatureEntry overlay.
The (previously computed) final hash value for all Varnodes are emitted as VarnodeSignature features.
References ghidra::SigManager::addSignature(), ghidra::SignatureEntry::getHash(), ghidra::SignatureEntry::getVarnode(), ghidra::SignatureEntry::isNotEmitted(), and sigmap.
Referenced by generate().
◆ generate()
|
virtual |
Generate all features for the current function.
Implements ghidra::SigManager.
References blockClear(), collectBlockSigs(), collectVarnodeSigs(), initializeBlocks(), maxblockiter, maxiter, signatureBlockIterate(), signatureIterate(), and varnodeClear().
◆ initializeBlocks()
|
private |
Initialize BlockSignatureEntry overlays for the current function.
Every basic block in the current function is allocated a BlockSignatureEntry and local hash information is calculation in preparation for iterating.
References blockmap, ghidra::SigManager::fd, ghidra::Funcdata::getBasicBlocks(), ghidra::BlockGraph::getBlock(), ghidra::FlowBlock::getIndex(), ghidra::BlockGraph::getSize(), ghidra::BlockSignatureEntry::localHash(), and sigmods.
Referenced by generate().
◆ initializeFromStream()
|
virtual |
Read configuration information from a character stream.
Implements ghidra::SigManager.
References maxiter.
◆ setCurrentFunction()
|
virtual |
Set the function used for (future) feature generation.
- Parameters
-
f is the function being set
Reimplemented from ghidra::SigManager.
References ghidra::Funcdata::beginLoc(), ghidra::Funcdata::endLoc(), ghidra::Varnode::getCreateIndex(), ghidra::Funcdata::getName(), ghidra::SignatureEntry::localHash(), maxvarnode, ghidra::Funcdata::numVarnodes(), ghidra::SignatureEntry::removeNoise(), ghidra::SigManager::setCurrentFunction(), SIG_COLLAPSE_INDNOISE, sigmap, and sigmods.
◆ signatureBlockIterate()
|
private |
Do one iteration of hashing on the BlockSignatureEntrys.
Run through every basic block (via its BlockSignatureEntry overlay) and combine its current hash value with the current hash value of the incoming basic blocks.
References blockmap, flipBlocks(), ghidra::BlockSignatureEntry::getBlock(), ghidra::FlowBlock::getIn(), ghidra::FlowBlock::getIndex(), ghidra::BlockSignatureEntry::hashIn(), and ghidra::FlowBlock::sizeIn().
Referenced by generate().
◆ signatureIterate()
|
private |
Do one iteration of hashing on the SignatureEntrys.
Run through every Varnode (via its SignatureEntry overlay) and combine its current hash value with the current hash value of the Varnode inputs to its effective defining PcodeOp.
References flipVarnodes(), ghidra::SignatureEntry::getIn(), ghidra::SignatureEntry::hashIn(), ghidra::SignatureEntry::isNotEmitted(), ghidra::SignatureEntry::isTerminal(), ghidra::SignatureEntry::numInputs(), and sigmap.
Referenced by generate().
◆ testSettings()
|
static |
Test for valid signature generation settings.
- Returns
- true if the settings are valid for this manager
References SIG_COLLAPSE_INDNOISE, SIG_COLLAPSE_SIZE, SIG_DONOTUSE_CONST, SIG_DONOTUSE_INPUT, and SIG_DONOTUSE_PERSIST.
Referenced by GraphSigManager(), and ghidra::SetSignatureSettings::rawAction().
The documentation for this class was generated from the following files:
- /builds/appsec/reveng-binrw/ghidraplusplus/src/dec/signature.hh
- /builds/appsec/reveng-binrw/ghidraplusplus/src/dec/signature.cc
