
simpliFiRE.IDAscope / documentation / epydoc / IDAscope.idascope.core.CryptoIdentifier-pysrc.html

<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <!-- Document head for the epydoc source listing of one module.
       The title is the module's fully qualified name. -->
  <title>IDAscope.idascope.core.CryptoIdentifier</title>
  <!-- Stylesheet and script are referenced by relative URL, so both are
       fetched from the same directory as this page. -->
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <!-- NOTE(review): the body calls toggle_private(), toggle() and doclink()
       from inline handlers; none is defined in this page, so they are
       presumably provided by epydoc.js (confirm against that file). -->
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<!-- Layout table holding four navigation links followed by an empty
     spacer cell. Every href is a relative URL to a sibling page of this
     documentation set; no link leaves the current directory. -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link: top-level package page (IDAscope-module.html) -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="IDAscope-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link: module tree page (module-tree.html) -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link: identifier index page (identifier-index.html) -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link: help page (help.html) -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Empty cell with width="100%"; it takes the remaining row width. -->
      <th class="navbar" width="100%"></th>
  </tr>
</table>
<!-- Breadcrumb row: the left cell shows the package path down to this
     module, the right cell holds the display options (private toggle and
     frames / no-frames switch). -->
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <!-- Breadcrumb trail: three relative links to the enclosing packages,
         then the current module name as plain text. -->
    <td width="100%">
      <span class="breadcrumbs">
        <a href="IDAscope-module.html">Package&nbsp;IDAscope</a> ::
        <a href="IDAscope.idascope-module.html">Package&nbsp;idascope</a> ::
        <a href="IDAscope.idascope.core-module.html">Package&nbsp;core</a> ::
        Module&nbsp;CryptoIdentifier
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
        <!-- The toggle relies on a javascript: URL and an inline onclick
             handler calling toggle_private(). When these docs are served
             under a Content-Security-Policy that disallows inline script,
             the handler does not run and the toggle stops working.
             NOTE(review): toggle_private() is not defined in this page;
             presumably it comes from epydoc.js (confirm). -->
        <tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
    onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
        <!-- frames / no frames: both links use target="_top", so they
             replace the top-level browsing context; both hrefs are
             relative URLs within this documentation set. -->
        <tr><td align="right"><span class="options"
            >[<a href="frames.html" target="_top">frames</a
            >]&nbsp;|&nbsp;<a href="IDAscope.idascope.core.CryptoIdentifier-pysrc.html"
            target="_top">no&nbsp;frames</a>]</span></td></tr>
      </table>
    </td>
  </tr>
</table>
<!-- Page heading; the link points to the module's documentation page
     (the -module.html counterpart of this -pysrc.html listing). -->
<h1 class="epydoc">Source Code for <a href="IDAscope.idascope.core.CryptoIdentifier-module.html">Module IDAscope.idascope.core.CryptoIdentifier</a></h1>
<pre class="py-src">
<a name="L1"></a><tt class="py-lineno">  1</tt>  <tt class="py-line"><tt class="py-comment">#!/usr/bin/python</tt> </tt>
<a name="L2"></a><tt class="py-lineno">  2</tt>  <tt class="py-line"><tt class="py-comment">########################################################################</tt> </tt>
<a name="L3"></a><tt class="py-lineno">  3</tt>  <tt class="py-line"><tt class="py-comment"># Copyright (c) 2012</tt> </tt>
<a name="L4"></a><tt class="py-lineno">  4</tt>  <tt class="py-line"><tt class="py-comment"># Daniel Plohmann &lt;daniel.plohmann&lt;at&gt;gmail&lt;dot&gt;com&gt;</tt> </tt>
<a name="L5"></a><tt class="py-lineno">  5</tt>  <tt class="py-line"><tt class="py-comment"># Alexander Hanel &lt;alexander.hanel&lt;at&gt;gmail&lt;dot&gt;com&gt;</tt> </tt>
<a name="L6"></a><tt class="py-lineno">  6</tt>  <tt class="py-line"><tt class="py-comment"># All rights reserved.</tt> </tt>
<a name="L7"></a><tt class="py-lineno">  7</tt>  <tt class="py-line"><tt class="py-comment">########################################################################</tt> </tt>
<a name="L8"></a><tt class="py-lineno">  8</tt>  <tt class="py-line"><tt class="py-comment">#</tt> </tt>
<a name="L9"></a><tt class="py-lineno">  9</tt>  <tt class="py-line"><tt class="py-comment">#  This file is part of IDAscope</tt> </tt>
<a name="L10"></a><tt class="py-lineno"> 10</tt>  <tt class="py-line"><tt class="py-comment">#</tt> </tt>
<a name="L11"></a><tt class="py-lineno"> 11</tt>  <tt class="py-line"><tt class="py-comment">#  IDAscope is free software: you can redistribute it and/or modify it</tt> </tt>
<a name="L12"></a><tt class="py-lineno"> 12</tt>  <tt class="py-line"><tt class="py-comment">#  under the terms of the GNU General Public License as published by</tt> </tt>
<a name="L13"></a><tt class="py-lineno"> 13</tt>  <tt class="py-line"><tt class="py-comment">#  the Free Software Foundation, either version 3 of the License, or</tt> </tt>
<a name="L14"></a><tt class="py-lineno"> 14</tt>  <tt class="py-line"><tt class="py-comment">#  (at your option) any later version.</tt> </tt>
<a name="L15"></a><tt class="py-lineno"> 15</tt>  <tt class="py-line"><tt class="py-comment">#</tt> </tt>
<a name="L16"></a><tt class="py-lineno"> 16</tt>  <tt class="py-line"><tt class="py-comment">#  This program is distributed in the hope that it will be useful, but</tt> </tt>
<a name="L17"></a><tt class="py-lineno"> 17</tt>  <tt class="py-line"><tt class="py-comment">#  WITHOUT ANY WARRANTY; without even the implied warranty of</tt> </tt>
<a name="L18"></a><tt class="py-lineno"> 18</tt>  <tt class="py-line"><tt class="py-comment">#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU</tt> </tt>
<a name="L19"></a><tt class="py-lineno"> 19</tt>  <tt class="py-line"><tt class="py-comment">#  General Public License for more details.</tt> </tt>
<a name="L20"></a><tt class="py-lineno"> 20</tt>  <tt class="py-line"><tt class="py-comment">#</tt> </tt>
<a name="L21"></a><tt class="py-lineno"> 21</tt>  <tt class="py-line"><tt class="py-comment">#  You should have received a copy of the GNU General Public License</tt> </tt>
<a name="L22"></a><tt class="py-lineno"> 22</tt>  <tt class="py-line"><tt class="py-comment">#  along with this program.  If not, see</tt> </tt>
<a name="L23"></a><tt class="py-lineno"> 23</tt>  <tt class="py-line"><tt class="py-comment">#  &lt;http://www.gnu.org/licenses/&gt;.</tt> </tt>
<a name="L24"></a><tt class="py-lineno"> 24</tt>  <tt class="py-line"><tt class="py-comment">#</tt> </tt>
<a name="L25"></a><tt class="py-lineno"> 25</tt>  <tt class="py-line"><tt class="py-comment">########################################################################</tt> </tt>
<a name="L26"></a><tt class="py-lineno"> 26</tt>  <tt class="py-line"> </tt>
<a name="L27"></a><tt class="py-lineno"> 27</tt>  <tt class="py-line"> </tt>
<a name="L28"></a><tt class="py-lineno"> 28</tt>  <tt class="py-line"><tt class="py-keyword">import</tt> <tt class="py-name">time</tt> </tt>
<a name="L29"></a><tt class="py-lineno"> 29</tt>  <tt class="py-line"><tt class="py-keyword">import</tt> <tt class="py-name">re</tt> </tt>
<a name="L30"></a><tt class="py-lineno"> 30</tt>  <tt class="py-line"> </tt>
<a name="L31"></a><tt class="py-lineno"> 31</tt>  <tt class="py-line"><tt class="py-keyword">from</tt> <tt id="link-0" class="py-name" targets="Module IDAscope.idascope.core.IdaProxy=IDAscope.idascope.core.IdaProxy-module.html,Class IDAscope.idascope.core.IdaProxy.IdaProxy=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html"><a title="IDAscope.idascope.core.IdaProxy
IDAscope.idascope.core.IdaProxy.IdaProxy" class="py-name" href="#" onclick="return doclink('link-0', 'IdaProxy', 'link-0');">IdaProxy</a></tt> <tt class="py-keyword">import</tt> <tt id="link-1" class="py-name"><a title="IDAscope.idascope.core.IdaProxy
IDAscope.idascope.core.IdaProxy.IdaProxy" class="py-name" href="#" onclick="return doclink('link-1', 'IdaProxy', 'link-0');">IdaProxy</a></tt> </tt>
<a name="L32"></a><tt class="py-lineno"> 32</tt>  <tt class="py-line"><tt class="py-keyword">from</tt> <tt id="link-2" class="py-name" targets="Module IDAscope.idascope.core.PatternManager=IDAscope.idascope.core.PatternManager-module.html,Class IDAscope.idascope.core.PatternManager.PatternManager=IDAscope.idascope.core.PatternManager.PatternManager-class.html"><a title="IDAscope.idascope.core.PatternManager
IDAscope.idascope.core.PatternManager.PatternManager" class="py-name" href="#" onclick="return doclink('link-2', 'PatternManager', 'link-2');">PatternManager</a></tt> <tt class="py-keyword">import</tt> <tt id="link-3" class="py-name"><a title="IDAscope.idascope.core.PatternManager
IDAscope.idascope.core.PatternManager.PatternManager" class="py-name" href="#" onclick="return doclink('link-3', 'PatternManager', 'link-2');">PatternManager</a></tt> </tt>
<a name="L33"></a><tt class="py-lineno"> 33</tt>  <tt class="py-line"> </tt>
<a name="L34"></a><tt class="py-lineno"> 34</tt>  <tt class="py-line"><tt class="py-keyword">from</tt> <tt id="link-4" class="py-name" targets="Package IDAscope.idascope=IDAscope.idascope-module.html"><a title="IDAscope.idascope" class="py-name" href="#" onclick="return doclink('link-4', 'idascope', 'link-4');">idascope</a></tt><tt class="py-op">.</tt><tt id="link-5" class="py-name" targets="Package IDAscope.idascope.core=IDAscope.idascope.core-module.html"><a title="IDAscope.idascope.core" class="py-name" href="#" onclick="return doclink('link-5', 'core', 'link-5');">core</a></tt><tt class="py-op">.</tt><tt id="link-6" class="py-name" targets="Package IDAscope.idascope.core.structures=IDAscope.idascope.core.structures-module.html"><a title="IDAscope.idascope.core.structures" class="py-name" href="#" onclick="return doclink('link-6', 'structures', 'link-6');">structures</a></tt><tt class="py-op">.</tt><tt id="link-7" class="py-name" targets="Module IDAscope.idascope.core.structures.Segment=IDAscope.idascope.core.structures.Segment-module.html,Class IDAscope.idascope.core.structures.Segment.Segment=IDAscope.idascope.core.structures.Segment.Segment-class.html"><a title="IDAscope.idascope.core.structures.Segment
IDAscope.idascope.core.structures.Segment.Segment" class="py-name" href="#" onclick="return doclink('link-7', 'Segment', 'link-7');">Segment</a></tt> <tt class="py-keyword">import</tt> <tt id="link-8" class="py-name"><a title="IDAscope.idascope.core.structures.Segment
IDAscope.idascope.core.structures.Segment.Segment" class="py-name" href="#" onclick="return doclink('link-8', 'Segment', 'link-7');">Segment</a></tt> </tt>
<a name="L35"></a><tt class="py-lineno"> 35</tt>  <tt class="py-line"><tt class="py-keyword">from</tt> <tt id="link-9" class="py-name"><a title="IDAscope.idascope" class="py-name" href="#" onclick="return doclink('link-9', 'idascope', 'link-4');">idascope</a></tt><tt class="py-op">.</tt><tt id="link-10" class="py-name"><a title="IDAscope.idascope.core" class="py-name" href="#" onclick="return doclink('link-10', 'core', 'link-5');">core</a></tt><tt class="py-op">.</tt><tt id="link-11" class="py-name"><a title="IDAscope.idascope.core.structures" class="py-name" href="#" onclick="return doclink('link-11', 'structures', 'link-6');">structures</a></tt><tt class="py-op">.</tt><tt id="link-12" class="py-name" targets="Module IDAscope.idascope.core.structures.AritlogBasicBlock=IDAscope.idascope.core.structures.AritlogBasicBlock-module.html,Class IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock=IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock-class.html"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock
IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock" class="py-name" href="#" onclick="return doclink('link-12', 'AritlogBasicBlock', 'link-12');">AritlogBasicBlock</a></tt> <tt class="py-keyword">import</tt> <tt id="link-13" class="py-name"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock
IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock" class="py-name" href="#" onclick="return doclink('link-13', 'AritlogBasicBlock', 'link-12');">AritlogBasicBlock</a></tt> </tt>
<a name="L36"></a><tt class="py-lineno"> 36</tt>  <tt class="py-line"><tt class="py-keyword">from</tt> <tt id="link-14" class="py-name"><a title="IDAscope.idascope" class="py-name" href="#" onclick="return doclink('link-14', 'idascope', 'link-4');">idascope</a></tt><tt class="py-op">.</tt><tt id="link-15" class="py-name"><a title="IDAscope.idascope.core" class="py-name" href="#" onclick="return doclink('link-15', 'core', 'link-5');">core</a></tt><tt class="py-op">.</tt><tt id="link-16" class="py-name"><a title="IDAscope.idascope.core.structures" class="py-name" href="#" onclick="return doclink('link-16', 'structures', 'link-6');">structures</a></tt><tt class="py-op">.</tt><tt id="link-17" class="py-name" targets="Module IDAscope.idascope.core.structures.CryptoSignatureHit=IDAscope.idascope.core.structures.CryptoSignatureHit-module.html,Class IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit=IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit-class.html"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-17', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt> <tt class="py-keyword">import</tt> <tt id="link-18" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-18', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt> </tt>
<a name="L37"></a><tt class="py-lineno"> 37</tt>  <tt class="py-line"> </tt>
<a name="L38"></a><tt class="py-lineno"> 38</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier"></a><div id="CryptoIdentifier-def"><a name="L39"></a><tt class="py-lineno"> 39</tt> <a class="py-toggle" href="#" id="CryptoIdentifier-toggle" onclick="return toggle('CryptoIdentifier');">-</a><tt class="py-line"><tt class="py-keyword">class</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html">CryptoIdentifier</a><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier-collapsed" style="display:none;" pad="+++" indent="++++"></div><div id="CryptoIdentifier-expanded"><a name="L40"></a><tt class="py-lineno"> 40</tt>  <tt class="py-line">    <tt class="py-docstring">"""</tt> </tt>
<a name="L41"></a><tt class="py-lineno"> 41</tt>  <tt class="py-line"><tt class="py-docstring">    This class contains the logic to perform Crypto identification.</tt> </tt>
<a name="L42"></a><tt class="py-lineno"> 42</tt>  <tt class="py-line"><tt class="py-docstring">    Two techniques are currently supported:</tt> </tt>
<a name="L43"></a><tt class="py-lineno"> 43</tt>  <tt class="py-line"><tt class="py-docstring">    1. A heuristic approach that identifies functions and basic blocks</tt> </tt>
<a name="L44"></a><tt class="py-lineno"> 44</tt>  <tt class="py-line"><tt class="py-docstring">    based on the ratio of arithmetic/logic instructions to all instructions</tt> </tt>
<a name="L45"></a><tt class="py-lineno"> 45</tt>  <tt class="py-line"><tt class="py-docstring">    2. A signature-based approach, using the signatures defined in PatternManager</tt> </tt>
<a name="L46"></a><tt class="py-lineno"> 46</tt>  <tt class="py-line"><tt class="py-docstring">    """</tt> </tt>
<a name="L47"></a><tt class="py-lineno"> 47</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.__init__"></a><div id="CryptoIdentifier.__init__-def"><a name="L48"></a><tt class="py-lineno"> 48</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.__init__-toggle" onclick="return toggle('CryptoIdentifier.__init__');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#__init__">__init__</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.__init__-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.__init__-expanded"><a name="L49"></a><tt class="py-lineno"> 49</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">name</tt> <tt class="py-op">=</tt> <tt class="py-string">"CryptoIdentifier"</tt> </tt>
<a name="L50"></a><tt class="py-lineno"> 50</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"loading CryptoIdentifier"</tt><tt class="py-op">)</tt> </tt>
<a name="L51"></a><tt class="py-lineno"> 51</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">time</tt> <tt class="py-op">=</tt> <tt class="py-name">time</tt> </tt>
<a name="L52"></a><tt class="py-lineno"> 52</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">re</tt> <tt class="py-op">=</tt> <tt class="py-name">re</tt> </tt>
<a name="L53"></a><tt class="py-lineno"> 53</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-19" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-19', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt> <tt class="py-op">=</tt> <tt id="link-20" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-20', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt> </tt>
<a name="L54"></a><tt class="py-lineno"> 54</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-21" class="py-name"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock
IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock" class="py-name" href="#" onclick="return doclink('link-21', 'AritlogBasicBlock', 'link-12');">AritlogBasicBlock</a></tt> <tt class="py-op">=</tt> <tt id="link-22" class="py-name"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock
IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock" class="py-name" href="#" onclick="return doclink('link-22', 'AritlogBasicBlock', 'link-12');">AritlogBasicBlock</a></tt> </tt>
<a name="L55"></a><tt class="py-lineno"> 55</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-23" class="py-name"><a title="IDAscope.idascope.core.structures.Segment
IDAscope.idascope.core.structures.Segment.Segment" class="py-name" href="#" onclick="return doclink('link-23', 'Segment', 'link-7');">Segment</a></tt> <tt class="py-op">=</tt> <tt id="link-24" class="py-name"><a title="IDAscope.idascope.core.structures.Segment
IDAscope.idascope.core.structures.Segment.Segment" class="py-name" href="#" onclick="return doclink('link-24', 'Segment', 'link-7');">Segment</a></tt> </tt>
<a name="L56"></a><tt class="py-lineno"> 56</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">pm</tt> <tt class="py-op">=</tt> <tt id="link-25" class="py-name"><a title="IDAscope.idascope.core.PatternManager
IDAscope.idascope.core.PatternManager.PatternManager" class="py-name" href="#" onclick="return doclink('link-25', 'PatternManager', 'link-2');">PatternManager</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L57"></a><tt class="py-lineno"> 57</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_rating_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">0.4</tt> </tt>
<a name="L58"></a><tt class="py-lineno"> 58</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_rating_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">1.0</tt> </tt>
<a name="L59"></a><tt class="py-lineno"> 59</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">8</tt> </tt>
<a name="L60"></a><tt class="py-lineno"> 60</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">100</tt> </tt>
<a name="L61"></a><tt class="py-lineno"> 61</tt>  <tt class="py-line">        <tt class="py-comment"># if the threshold is set to this value, it is automatically expanded to infinite.</tt> </tt>
<a name="L62"></a><tt class="py-lineno"> 62</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">max_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">100</tt> </tt>
<a name="L63"></a><tt class="py-lineno"> 63</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">0</tt> </tt>
<a name="L64"></a><tt class="py-lineno"> 64</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">1</tt> </tt>
<a name="L65"></a><tt class="py-lineno"> 65</tt>  <tt class="py-line">        <tt class="py-comment"># if the threshold is set to this value, it is automatically expanded to infinite.</tt> </tt>
<a name="L66"></a><tt class="py-lineno"> 66</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">max_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">10</tt> </tt>
<a name="L67"></a><tt class="py-lineno"> 67</tt>  <tt class="py-line">        <tt class="py-comment"># if at least this fraction of a signature's length' has been identified</tt> </tt>
<a name="L68"></a><tt class="py-lineno"> 68</tt>  <tt class="py-line">        <tt class="py-comment"># consecutively, the location is marked as a signature hit.</tt> </tt>
<a name="L69"></a><tt class="py-lineno"> 69</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">match_filter_factor</tt> <tt class="py-op">=</tt> <tt class="py-number">0.5</tt> </tt>
<a name="L70"></a><tt class="py-lineno"> 70</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">aritlog_blocks</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L71"></a><tt class="py-lineno"> 71</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">signature_hits</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L72"></a><tt class="py-lineno"> 72</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt> <tt class="py-op">=</tt> <tt id="link-26" class="py-name"><a title="IDAscope.idascope.core.IdaProxy
IDAscope.idascope.core.IdaProxy.IdaProxy" class="py-name" href="#" onclick="return doclink('link-26', 'IdaProxy', 'link-0');">IdaProxy</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L73"></a><tt class="py-lineno"> 73</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> </tt>
</div><a name="L74"></a><tt class="py-lineno"> 74</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.scan"></a><div id="CryptoIdentifier.scan-def"><a name="L75"></a><tt class="py-lineno"> 75</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.scan-toggle" onclick="return toggle('CryptoIdentifier.scan');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#scan">scan</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.scan-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.scan-expanded"><a name="L76"></a><tt class="py-lineno"> 76</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L77"></a><tt class="py-lineno"> 77</tt>  <tt class="py-line"><tt class="py-docstring">        Scan the whole IDB with all available techniques.</tt> </tt>
<a name="L78"></a><tt class="py-lineno"> 78</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L79"></a><tt class="py-lineno"> 79</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-27" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.scan_aritlog()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#scan_aritlog"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.scan_aritlog" class="py-name" href="#" onclick="return doclink('link-27', 'scan_aritlog', 'link-27');">scan_aritlog</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L80"></a><tt class="py-lineno"> 80</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-28" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.scan_crypto_patterns()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#scan_crypto_patterns"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.scan_crypto_patterns" class="py-name" href="#" onclick="return doclink('link-28', 'scan_crypto_patterns', 'link-28');">scan_crypto_patterns</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
</div><a name="L81"></a><tt class="py-lineno"> 81</tt>  <tt class="py-line"> </tt>
<a name="L82"></a><tt class="py-lineno"> 82</tt>  <tt class="py-line"><tt class="py-comment">################################################################################</tt> </tt>
<a name="L83"></a><tt class="py-lineno"> 83</tt>  <tt class="py-line"><tt class="py-comment"># Aritlog scanning</tt> </tt>
<a name="L84"></a><tt class="py-lineno"> 84</tt>  <tt class="py-line"><tt class="py-comment">################################################################################</tt> </tt>
<a name="L85"></a><tt class="py-lineno"> 85</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.scan_aritlog"></a><div id="CryptoIdentifier.scan_aritlog-def"><a name="L86"></a><tt class="py-lineno"> 86</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.scan_aritlog-toggle" onclick="return toggle('CryptoIdentifier.scan_aritlog');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#scan_aritlog">scan_aritlog</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.scan_aritlog-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.scan_aritlog-expanded"><a name="L87"></a><tt class="py-lineno"> 87</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L88"></a><tt class="py-lineno"> 88</tt>  <tt class="py-line"><tt class="py-docstring">        scan with the arithmetic/logic heuristic</tt> </tt>
<a name="L89"></a><tt class="py-lineno"> 89</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a list of AritLogBasicBlock data objects that fulfill the parameters as specified</tt> </tt>
<a name="L90"></a><tt class="py-lineno"> 90</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L91"></a><tt class="py-lineno"> 91</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Starting aritlog heuristic analysis."</tt><tt class="py-op">)</tt> </tt>
<a name="L92"></a><tt class="py-lineno"> 92</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">aritlog_blocks</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L93"></a><tt class="py-lineno"> 93</tt>  <tt class="py-line">        <tt class="py-name">time_before</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L94"></a><tt class="py-lineno"> 94</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">function_ea</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-29" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.Functions()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#Functions"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.Functions" class="py-name" href="#" onclick="return doclink('link-29', 'Functions', 'link-29');">Functions</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L95"></a><tt class="py-lineno"> 95</tt>  <tt class="py-line">            <tt class="py-name">function_chart</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-30" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.FlowChart()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#FlowChart"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.FlowChart" class="py-name" href="#" onclick="return doclink('link-30', 'FlowChart', 'link-30');">FlowChart</a></tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-31" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.get_func()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#get_func"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.get_func" class="py-name" href="#" onclick="return doclink('link-31', 'get_func', 'link-31');">get_func</a></tt><tt class="py-op">(</tt><tt class="py-name">function_ea</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L96"></a><tt class="py-lineno"> 96</tt>  <tt class="py-line">            <tt class="py-name">calls_in_function</tt> <tt class="py-op">=</tt> <tt class="py-number">0</tt> </tt>
<a name="L97"></a><tt class="py-lineno"> 97</tt>  <tt class="py-line">            <tt class="py-name">function_blocks</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L98"></a><tt class="py-lineno"> 98</tt>  <tt class="py-line">            <tt class="py-keyword">for</tt> <tt class="py-name">current_block</tt> <tt class="py-keyword">in</tt> <tt class="py-name">function_chart</tt><tt class="py-op">:</tt> </tt>
<a name="L99"></a><tt class="py-lineno"> 99</tt>  <tt class="py-line">                <tt class="py-name">block</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-32" class="py-name"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock
IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock" class="py-name" href="#" onclick="return doclink('link-32', 'AritlogBasicBlock', 'link-12');">AritlogBasicBlock</a></tt><tt class="py-op">(</tt><tt class="py-name">current_block</tt><tt class="py-op">.</tt><tt class="py-name">startEA</tt><tt class="py-op">,</tt> <tt class="py-name">current_block</tt><tt class="py-op">.</tt><tt class="py-name">endEA</tt><tt class="py-op">)</tt> </tt>
<a name="L100"></a><tt class="py-lineno">100</tt>  <tt class="py-line">                <tt class="py-keyword">for</tt> <tt class="py-name">instruction</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-33" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.Heads()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#Heads"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.Heads" class="py-name" href="#" onclick="return doclink('link-33', 'Heads', 'link-33');">Heads</a></tt><tt class="py-op">(</tt><tt class="py-name">block</tt><tt class="py-op">.</tt><tt class="py-name">start_ea</tt><tt class="py-op">,</tt> <tt class="py-name">block</tt><tt class="py-op">.</tt><tt class="py-name">end_ea</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L101"></a><tt class="py-lineno">101</tt>  <tt class="py-line">                    <tt class="py-keyword">if</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-34" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.isCode()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#isCode"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.isCode" class="py-name" href="#" onclick="return doclink('link-34', 'isCode', 'link-34');">isCode</a></tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-35" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.GetFlags()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#GetFlags"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetFlags" class="py-name" href="#" onclick="return doclink('link-35', 'GetFlags', 'link-35');">GetFlags</a></tt><tt class="py-op">(</tt><tt class="py-name">instruction</tt><tt class="py-op">)</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L102"></a><tt class="py-lineno">102</tt>  <tt class="py-line">                        <tt class="py-name">mnemonic</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-36" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.GetMnem()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#GetMnem"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetMnem" class="py-name" href="#" onclick="return doclink('link-36', 'GetMnem', 'link-36');">GetMnem</a></tt><tt class="py-op">(</tt><tt class="py-name">instruction</tt><tt class="py-op">)</tt> </tt>
<a name="L103"></a><tt class="py-lineno">103</tt>  <tt class="py-line">                        <tt class="py-name">has_identical_operands</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-37" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.GetOperandValue()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#GetOperandValue"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetOperandValue" class="py-name" href="#" onclick="return doclink('link-37', 'GetOperandValue', 'link-37');">GetOperandValue</a></tt><tt class="py-op">(</tt><tt class="py-name">instruction</tt><tt class="py-op">,</tt> <tt class="py-number">0</tt><tt class="py-op">)</tt> <tt class="py-op">==</tt> \ </tt>
<a name="L104"></a><tt class="py-lineno">104</tt>  <tt class="py-line">                            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-38" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetOperandValue" class="py-name" href="#" onclick="return doclink('link-38', 'GetOperandValue', 'link-37');">GetOperandValue</a></tt><tt class="py-op">(</tt><tt class="py-name">instruction</tt><tt class="py-op">,</tt> <tt class="py-number">1</tt><tt class="py-op">)</tt> </tt>
<a name="L105"></a><tt class="py-lineno">105</tt>  <tt class="py-line">                        <tt class="py-name">block</tt><tt class="py-op">.</tt><tt id="link-39" class="py-name" targets="Method IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock.update_instruction_count()=IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock-class.html#update_instruction_count"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock.update_instruction_count" class="py-name" href="#" onclick="return doclink('link-39', 'update_instruction_count', 'link-39');">update_instruction_count</a></tt><tt class="py-op">(</tt><tt class="py-name">mnemonic</tt><tt class="py-op">,</tt> <tt class="py-name">has_identical_operands</tt><tt class="py-op">)</tt> </tt>
<a name="L106"></a><tt class="py-lineno">106</tt>  <tt class="py-line">                        <tt class="py-keyword">if</tt> <tt class="py-name">mnemonic</tt> <tt class="py-op">==</tt> <tt class="py-string">"call"</tt><tt class="py-op">:</tt> </tt>
<a name="L107"></a><tt class="py-lineno">107</tt>  <tt class="py-line">                            <tt class="py-name">calls_in_function</tt> <tt class="py-op">+=</tt> <tt class="py-number">1</tt> </tt>
<a name="L108"></a><tt class="py-lineno">108</tt>  <tt class="py-line">                <tt class="py-name">function_blocks</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">block</tt><tt class="py-op">)</tt> </tt>
<a name="L109"></a><tt class="py-lineno">109</tt>  <tt class="py-line">            <tt class="py-keyword">for</tt> <tt class="py-name">block</tt> <tt class="py-keyword">in</tt> <tt class="py-name">function_blocks</tt><tt class="py-op">:</tt> </tt>
<a name="L110"></a><tt class="py-lineno">110</tt>  <tt class="py-line">                <tt class="py-name">block</tt><tt class="py-op">.</tt><tt class="py-name">num_calls_in_function</tt> <tt class="py-op">=</tt> <tt class="py-name">calls_in_function</tt> </tt>
<a name="L111"></a><tt class="py-lineno">111</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">aritlog_blocks</tt><tt class="py-op">.</tt><tt class="py-name">extend</tt><tt class="py-op">(</tt><tt class="py-name">function_blocks</tt><tt class="py-op">)</tt> </tt>
<a name="L112"></a><tt class="py-lineno">112</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Analysis took %3.2f seconds"</tt> <tt class="py-op">%</tt> <tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> <tt class="py-op">-</tt> <tt class="py-name">time_before</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L113"></a><tt class="py-lineno">113</tt>  <tt class="py-line"> </tt>
<a name="L114"></a><tt class="py-lineno">114</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-40" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_aritlog_blocks()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_aritlog_blocks"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_aritlog_blocks" class="py-name" href="#" onclick="return doclink('link-40', 'get_aritlog_blocks', 'link-40');">get_aritlog_blocks</a></tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_rating_threshold</tt><tt class="py-op">,</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_rating_threshold</tt><tt class="py-op">,</tt> </tt>
<a name="L115"></a><tt class="py-lineno">115</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_instruction_threshold</tt><tt class="py-op">,</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_instruction_threshold</tt><tt class="py-op">,</tt> </tt>
<a name="L116"></a><tt class="py-lineno">116</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_call_threshold</tt><tt class="py-op">,</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_call_threshold</tt><tt class="py-op">,</tt> </tt>
<a name="L117"></a><tt class="py-lineno">117</tt>  <tt class="py-line">            <tt class="py-name">False</tt><tt class="py-op">)</tt> </tt>
</div><a name="L118"></a><tt class="py-lineno">118</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.update_thresholds"></a><div id="CryptoIdentifier.update_thresholds-def"><a name="L119"></a><tt class="py-lineno">119</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.update_thresholds-toggle" onclick="return toggle('CryptoIdentifier.update_thresholds');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#update_thresholds">update_thresholds</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">min_rating</tt><tt class="py-op">,</tt> <tt class="py-param">max_rating</tt><tt class="py-op">,</tt> <tt class="py-param">min_instr</tt><tt class="py-op">,</tt> <tt class="py-param">max_instr</tt><tt class="py-op">,</tt> <tt class="py-param">min_call</tt><tt class="py-op">,</tt> <tt class="py-param">max_call</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.update_thresholds-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.update_thresholds-expanded"><a name="L120"></a><tt class="py-lineno">120</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L121"></a><tt class="py-lineno">121</tt>  <tt class="py-line"><tt class="py-docstring">        update all six threshold bounds</tt> </tt>
<a name="L122"></a><tt class="py-lineno">122</tt>  <tt class="py-line"><tt class="py-docstring">        @param min_rating: the minimum arit/log ratio a basic block must have</tt> </tt>
<a name="L123"></a><tt class="py-lineno">123</tt>  <tt class="py-line"><tt class="py-docstring">        @type min_rating: float</tt> </tt>
<a name="L124"></a><tt class="py-lineno">124</tt>  <tt class="py-line"><tt class="py-docstring">        @param max_rating: the maximum arit/log ratio a basic block can have</tt> </tt>
<a name="L125"></a><tt class="py-lineno">125</tt>  <tt class="py-line"><tt class="py-docstring">        @type max_rating: float</tt> </tt>
<a name="L126"></a><tt class="py-lineno">126</tt>  <tt class="py-line"><tt class="py-docstring">        @param min_instr: the minimum number of instructions a basic block must have</tt> </tt>
<a name="L127"></a><tt class="py-lineno">127</tt>  <tt class="py-line"><tt class="py-docstring">        @type min_instr: int</tt> </tt>
<a name="L128"></a><tt class="py-lineno">128</tt>  <tt class="py-line"><tt class="py-docstring">        @param max_instr: the maximum number of instructions a basic block can have</tt> </tt>
<a name="L129"></a><tt class="py-lineno">129</tt>  <tt class="py-line"><tt class="py-docstring">        @type max_instr: int</tt> </tt>
<a name="L130"></a><tt class="py-lineno">130</tt>  <tt class="py-line"><tt class="py-docstring">        @param min_call: the minimum number of calls a basic block must have</tt> </tt>
<a name="L131"></a><tt class="py-lineno">131</tt>  <tt class="py-line"><tt class="py-docstring">        @type min_call: int</tt> </tt>
<a name="L132"></a><tt class="py-lineno">132</tt>  <tt class="py-line"><tt class="py-docstring">        @param max_call: the maximum number of calls a basic block can have</tt> </tt>
<a name="L133"></a><tt class="py-lineno">133</tt>  <tt class="py-line"><tt class="py-docstring">        @type max_call: int</tt> </tt>
<a name="L134"></a><tt class="py-lineno">134</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L135"></a><tt class="py-lineno">135</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_rating_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">max</tt><tt class="py-op">(</tt><tt class="py-number">0.0</tt><tt class="py-op">,</tt> <tt class="py-name">min_rating</tt><tt class="py-op">)</tt> </tt>
<a name="L136"></a><tt class="py-lineno">136</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_rating_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">min</tt><tt class="py-op">(</tt><tt class="py-number">1.0</tt><tt class="py-op">,</tt> <tt class="py-name">max_rating</tt><tt class="py-op">)</tt> </tt>
<a name="L137"></a><tt class="py-lineno">137</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">max</tt><tt class="py-op">(</tt><tt class="py-number">0</tt><tt class="py-op">,</tt> <tt class="py-name">min_instr</tt><tt class="py-op">)</tt> </tt>
<a name="L138"></a><tt class="py-lineno">138</tt>  <tt class="py-line">        <tt class="py-keyword">if</tt> <tt class="py-name">max_instr</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">max_instruction_threshold</tt><tt class="py-op">:</tt> </tt>
<a name="L139"></a><tt class="py-lineno">139</tt>  <tt class="py-line">            <tt class="py-comment"># we cap the value here and safely assume there is no block with more than 1000000 instructions</tt> </tt>
<a name="L140"></a><tt class="py-lineno">140</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">1000000</tt> </tt>
<a name="L141"></a><tt class="py-lineno">141</tt>  <tt class="py-line">        <tt class="py-keyword">else</tt><tt class="py-op">:</tt> </tt>
<a name="L142"></a><tt class="py-lineno">142</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_instruction_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">max_instr</tt> </tt>
<a name="L143"></a><tt class="py-lineno">143</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">max</tt><tt class="py-op">(</tt><tt class="py-number">0</tt><tt class="py-op">,</tt> <tt class="py-name">min_call</tt><tt class="py-op">)</tt> </tt>
<a name="L144"></a><tt class="py-lineno">144</tt>  <tt class="py-line">        <tt class="py-keyword">if</tt> <tt class="py-name">max_call</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">max_call_threshold</tt><tt class="py-op">:</tt> </tt>
<a name="L145"></a><tt class="py-lineno">145</tt>  <tt class="py-line">            <tt class="py-comment"># we cap the value here and safely assume there is no function with more than 1000000 calls</tt> </tt>
<a name="L146"></a><tt class="py-lineno">146</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-number">1000000</tt> </tt>
<a name="L147"></a><tt class="py-lineno">147</tt>  <tt class="py-line">        <tt class="py-keyword">else</tt><tt class="py-op">:</tt> </tt>
<a name="L148"></a><tt class="py-lineno">148</tt>  <tt class="py-line">            <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_call_threshold</tt> <tt class="py-op">=</tt> <tt class="py-name">max_call</tt> </tt>
</div><a name="L149"></a><tt class="py-lineno">149</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.get_aritlog_blocks"></a><div id="CryptoIdentifier.get_aritlog_blocks-def"><a name="L150"></a><tt class="py-lineno">150</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_aritlog_blocks-toggle" onclick="return toggle('CryptoIdentifier.get_aritlog_blocks');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_aritlog_blocks">get_aritlog_blocks</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">min_rating</tt><tt class="py-op">,</tt> <tt class="py-param">max_rating</tt><tt class="py-op">,</tt> <tt class="py-param">min_instr</tt><tt class="py-op">,</tt> <tt class="py-param">max_instr</tt><tt class="py-op">,</tt> <tt class="py-param">min_api</tt><tt class="py-op">,</tt> <tt class="py-param">max_api</tt><tt class="py-op">,</tt> <tt class="py-param">is_nonzero</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_aritlog_blocks-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_aritlog_blocks-expanded"><a name="L151"></a><tt class="py-lineno">151</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L152"></a><tt class="py-lineno">152</tt>  <tt class="py-line"><tt class="py-docstring">        get all blocks that are within the limits specified by the heuristic parameters.</tt> </tt>
<a name="L153"></a><tt class="py-lineno">153</tt>  <tt class="py-line"><tt class="py-docstring">        parameters are the same as in function "update_thresholds" (min_api/max_api are passed on as min_call/max_call), plus:</tt> </tt>
<a name="L154"></a><tt class="py-lineno">154</tt>  <tt class="py-line"><tt class="py-docstring">        @param is_nonzero: defines whether zeroing instructions (like xor eax, eax) shall be counted or not.</tt> </tt>
<a name="L155"></a><tt class="py-lineno">155</tt>  <tt class="py-line"><tt class="py-docstring">        @type is_nonzero: boolean</tt> </tt>
<a name="L156"></a><tt class="py-lineno">156</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a list of AritlogBasicBlock data objects, according to the parameters</tt> </tt>
<a name="L157"></a><tt class="py-lineno">157</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L158"></a><tt class="py-lineno">158</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-41" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.update_thresholds()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#update_thresholds"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.update_thresholds" class="py-name" href="#" onclick="return doclink('link-41', 'update_thresholds', 'link-41');">update_thresholds</a></tt><tt class="py-op">(</tt><tt class="py-name">min_rating</tt><tt class="py-op">,</tt> <tt class="py-name">max_rating</tt><tt class="py-op">,</tt> <tt class="py-name">min_instr</tt><tt class="py-op">,</tt> <tt class="py-name">max_instr</tt><tt class="py-op">,</tt> <tt class="py-name">min_api</tt><tt class="py-op">,</tt> <tt class="py-name">max_api</tt><tt class="py-op">)</tt> </tt>
<a name="L159"></a><tt class="py-lineno">159</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-op">[</tt><tt class="py-name">block</tt> <tt class="py-keyword">for</tt> <tt class="py-name">block</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">aritlog_blocks</tt> <tt class="py-keyword">if</tt> </tt>
<a name="L160"></a><tt class="py-lineno">160</tt>  <tt class="py-line">            <tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_rating_threshold</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">block</tt><tt class="py-op">.</tt><tt id="link-42" class="py-name" targets="Method IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock.get_aritlog_rating()=IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock-class.html#get_aritlog_rating"><a title="IDAscope.idascope.core.structures.AritlogBasicBlock.AritlogBasicBlock.get_aritlog_rating" class="py-name" href="#" onclick="return doclink('link-42', 'get_aritlog_rating', 'link-42');">get_aritlog_rating</a></tt><tt class="py-op">(</tt><tt class="py-name">is_nonzero</tt><tt class="py-op">)</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_rating_threshold</tt><tt class="py-op">)</tt> <tt class="py-keyword">and</tt> </tt>
<a name="L161"></a><tt class="py-lineno">161</tt>  <tt class="py-line">            <tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_instruction_threshold</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">block</tt><tt class="py-op">.</tt><tt class="py-name">num_instructions</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_instruction_threshold</tt><tt class="py-op">)</tt> <tt class="py-keyword">and</tt> </tt>
<a name="L162"></a><tt class="py-lineno">162</tt>  <tt class="py-line">            <tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">high_call_threshold</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">block</tt><tt class="py-op">.</tt><tt class="py-name">num_calls_in_function</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">low_call_threshold</tt><tt class="py-op">)</tt><tt class="py-op">]</tt> </tt>
</div><a name="L163"></a><tt class="py-lineno">163</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.get_unfiltered_block_count"></a><div id="CryptoIdentifier.get_unfiltered_block_count-def"><a name="L164"></a><tt class="py-lineno">164</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_unfiltered_block_count-toggle" onclick="return toggle('CryptoIdentifier.get_unfiltered_block_count');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_unfiltered_block_count">get_unfiltered_block_count</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_unfiltered_block_count-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_unfiltered_block_count-expanded"><a name="L165"></a><tt class="py-lineno">165</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L166"></a><tt class="py-lineno">166</tt>  <tt class="py-line"><tt class="py-docstring">        returns the number of basic blocks that have been analyzed.</tt> </tt>
<a name="L167"></a><tt class="py-lineno">167</tt>  <tt class="py-line"><tt class="py-docstring">        @return: (int) number of basic blocks</tt> </tt>
<a name="L168"></a><tt class="py-lineno">168</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L169"></a><tt class="py-lineno">169</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">aritlog_blocks</tt><tt class="py-op">)</tt> </tt>
</div><a name="L170"></a><tt class="py-lineno">170</tt>  <tt class="py-line"> </tt>
<a name="L171"></a><tt class="py-lineno">171</tt>  <tt class="py-line"><tt class="py-comment">################################################################################</tt> </tt>
<a name="L172"></a><tt class="py-lineno">172</tt>  <tt class="py-line"><tt class="py-comment"># Signature scanning</tt> </tt>
<a name="L173"></a><tt class="py-lineno">173</tt>  <tt class="py-line"><tt class="py-comment">################################################################################</tt> </tt>
<a name="L174"></a><tt class="py-lineno">174</tt>  <tt class="py-line"> </tt>
<a name="CryptoIdentifier.get_segment_data"></a><div id="CryptoIdentifier.get_segment_data-def"><a name="L175"></a><tt class="py-lineno">175</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_segment_data-toggle" onclick="return toggle('CryptoIdentifier.get_segment_data');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_segment_data">get_segment_data</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_segment_data-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_segment_data-expanded"><a name="L176"></a><tt class="py-lineno">176</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L177"></a><tt class="py-lineno">177</tt>  <tt class="py-line"><tt class="py-docstring">        returns the raw bytes of the segments as stored by IDA</tt> </tt>
<a name="L178"></a><tt class="py-lineno">178</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a list of Segment data objects.</tt> </tt>
<a name="L179"></a><tt class="py-lineno">179</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L180"></a><tt class="py-lineno">180</tt>  <tt class="py-line">        <tt class="py-name">segments</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L181"></a><tt class="py-lineno">181</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">segment_ea</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-43" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.Segments()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#Segments"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.Segments" class="py-name" href="#" onclick="return doclink('link-43', 'Segments', 'link-43');">Segments</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L182"></a><tt class="py-lineno">182</tt>  <tt class="py-line">            <tt class="py-keyword">try</tt><tt class="py-op">:</tt> </tt>
<a name="L183"></a><tt class="py-lineno">183</tt>  <tt class="py-line">                <tt class="py-name">segment</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-44" class="py-name"><a title="IDAscope.idascope.core.structures.Segment
IDAscope.idascope.core.structures.Segment.Segment" class="py-name" href="#" onclick="return doclink('link-44', 'Segment', 'link-7');">Segment</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L184"></a><tt class="py-lineno">184</tt>  <tt class="py-line">                <tt class="py-name">segment</tt><tt class="py-op">.</tt><tt class="py-name">start_ea</tt> <tt class="py-op">=</tt> <tt class="py-name">segment_ea</tt> </tt>
<a name="L185"></a><tt class="py-lineno">185</tt>  <tt class="py-line">                <tt class="py-name">segment</tt><tt class="py-op">.</tt><tt class="py-name">end_ea</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-45" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.SegEnd()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#SegEnd"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.SegEnd" class="py-name" href="#" onclick="return doclink('link-45', 'SegEnd', 'link-45');">SegEnd</a></tt><tt class="py-op">(</tt><tt class="py-name">segment_ea</tt><tt class="py-op">)</tt> </tt>
<a name="L186"></a><tt class="py-lineno">186</tt>  <tt class="py-line">                <tt class="py-name">segment</tt><tt class="py-op">.</tt><tt class="py-name">name</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-46" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.SegName()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#SegName"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.SegName" class="py-name" href="#" onclick="return doclink('link-46', 'SegName', 'link-46');">SegName</a></tt><tt class="py-op">(</tt><tt class="py-name">segment_ea</tt><tt class="py-op">)</tt> </tt>
<a name="L187"></a><tt class="py-lineno">187</tt>  <tt class="py-line">                <tt class="py-name">buf</tt> <tt class="py-op">=</tt> <tt class="py-string">""</tt> </tt>
<a name="L188"></a><tt class="py-lineno">188</tt>  <tt class="py-line">                <tt class="py-keyword">for</tt> <tt class="py-name">ea</tt> <tt class="py-keyword">in</tt> <tt class="py-name">xrange</tt><tt class="py-op">(</tt><tt class="py-name">segment_ea</tt><tt class="py-op">,</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-47" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.SegEnd" class="py-name" href="#" onclick="return doclink('link-47', 'SegEnd', 'link-45');">SegEnd</a></tt><tt class="py-op">(</tt><tt class="py-name">segment_ea</tt><tt class="py-op">)</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L189"></a><tt class="py-lineno">189</tt>  <tt class="py-line">                    <tt class="py-name">buf</tt> <tt class="py-op">+=</tt> <tt class="py-name">chr</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-48" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.get_byte()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#get_byte"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.get_byte" class="py-name" href="#" onclick="return doclink('link-48', 'get_byte', 'link-48');">get_byte</a></tt><tt class="py-op">(</tt><tt class="py-name">ea</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L190"></a><tt class="py-lineno">190</tt>  <tt class="py-line">                <tt class="py-name">segment</tt><tt class="py-op">.</tt><tt id="link-49" class="py-name" targets="Package IDAscope.idascope.data=IDAscope.idascope.data-module.html"><a title="IDAscope.idascope.data" class="py-name" href="#" onclick="return doclink('link-49', 'data', 'link-49');">data</a></tt> <tt class="py-op">=</tt> <tt class="py-name">buf</tt> </tt>
<a name="L191"></a><tt class="py-lineno">191</tt>  <tt class="py-line">                <tt class="py-name">segments</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">segment</tt><tt class="py-op">)</tt> </tt>
<a name="L192"></a><tt class="py-lineno">192</tt>  <tt class="py-line">            <tt class="py-keyword">except</tt><tt class="py-op">:</tt> </tt>
<a name="L193"></a><tt class="py-lineno">193</tt>  <tt class="py-line">                <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Tried to access invalid segment data. An error has occurred while address conversion"</tt><tt class="py-op">)</tt> </tt>
<a name="L194"></a><tt class="py-lineno">194</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">segments</tt> </tt>
</div><a name="L195"></a><tt class="py-lineno">195</tt>  <tt class="py-line"> </tt>
<!--
  Review note, scan_crypto_patterns(self, pattern_size=32):
  Highlighted listing of the method that matches the tokenized signature chunks from
  self.pm.get_tokenized_signatures(pattern_size) against the data of every segment
  returned by get_segment_data(). Each chunk goes through re.escape() before
  re.finditer(), so it is searched as a literal string and regex metacharacters inside a
  signature are not interpreted. One finditer pass runs per chunk per segment, and every
  match becomes a CryptoSignatureHit at segment.start_ea + match.start(). The result list
  is stored in self.signature_hits and is also returned.
  The status text "Starting aritlog function enumeration." does not describe this scan and
  looks copied from another routine. The docstring word "ofr" is a typo for "for".
--><a name="CryptoIdentifier.scan_crypto_patterns"></a><div id="CryptoIdentifier.scan_crypto_patterns-def"><a name="L196"></a><tt class="py-lineno">196</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.scan_crypto_patterns-toggle" onclick="return toggle('CryptoIdentifier.scan_crypto_patterns');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#scan_crypto_patterns">scan_crypto_patterns</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">pattern_size</tt><tt class="py-op">=</tt><tt class="py-number">32</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.scan_crypto_patterns-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.scan_crypto_patterns-expanded"><a name="L197"></a><tt class="py-lineno">197</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L198"></a><tt class="py-lineno">198</tt>  <tt class="py-line"><tt class="py-docstring">        perform a scan ofr signatures. For matching, the standard python re module is used.</tt> </tt>
<a name="L199"></a><tt class="py-lineno">199</tt>  <tt class="py-line"><tt class="py-docstring">        @return: A list of CryptoSignatureHit data objects</tt> </tt>
<a name="L200"></a><tt class="py-lineno">200</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L201"></a><tt class="py-lineno">201</tt>  <tt class="py-line">        <tt class="py-name">crypt_results</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L202"></a><tt class="py-lineno">202</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Starting aritlog function enumeration."</tt><tt class="py-op">)</tt> </tt>
<a name="L203"></a><tt class="py-lineno">203</tt>  <tt class="py-line">        <tt class="py-name">time_before_matching</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L204"></a><tt class="py-lineno">204</tt>  <tt class="py-line">        <tt class="py-name">segments</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-50" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_segment_data()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_segment_data"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_segment_data" class="py-name" href="#" onclick="return doclink('link-50', 'get_segment_data', 'link-50');">get_segment_data</a></tt><tt class="py-op">(</tt><tt class="py-op">)</tt> </tt>
<a name="L205"></a><tt class="py-lineno">205</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Segments under analysis: "</tt><tt class="py-op">)</tt> </tt>
<a name="L206"></a><tt class="py-lineno">206</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">segment</tt> <tt class="py-keyword">in</tt> <tt class="py-name">segments</tt><tt class="py-op">:</tt> </tt>
<a name="L207"></a><tt class="py-lineno">207</tt>  <tt class="py-line">            <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-name">segment</tt><tt class="py-op">)</tt> </tt>
<a name="L208"></a><tt class="py-lineno">208</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"PatternManager initialized, number of signatures: %d"</tt> <tt class="py-op">%</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">pm</tt><tt class="py-op">.</tt><tt id="link-51" class="py-name" targets="Variable IDAscope.idascope.core.PatternManager.PatternManager.signatures=IDAscope.idascope.core.PatternManager.PatternManager-class.html#signatures"><a title="IDAscope.idascope.core.PatternManager.PatternManager.signatures" class="py-name" href="#" onclick="return doclink('link-51', 'signatures', 'link-51');">signatures</a></tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L209"></a><tt class="py-lineno">209</tt>  <tt class="py-line">        <tt class="py-name">keywords</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">pm</tt><tt class="py-op">.</tt><tt id="link-52" class="py-name" targets="Method IDAscope.idascope.core.PatternManager.PatternManager.get_tokenized_signatures()=IDAscope.idascope.core.PatternManager.PatternManager-class.html#get_tokenized_signatures"><a title="IDAscope.idascope.core.PatternManager.PatternManager.get_tokenized_signatures" class="py-name" href="#" onclick="return doclink('link-52', 'get_tokenized_signatures', 'link-52');">get_tokenized_signatures</a></tt><tt class="py-op">(</tt><tt class="py-name">pattern_size</tt><tt class="py-op">)</tt> </tt>
<a name="L210"></a><tt class="py-lineno">210</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"PatternManager tokenized patterns into %d chunks of %d bytes"</tt> <tt class="py-op">%</tt> <tt class="py-op">(</tt><tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">keywords</tt><tt class="py-op">.</tt><tt class="py-name">keys</tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">)</tt><tt class="py-op">,</tt> <tt class="py-name">pattern_size</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L211"></a><tt class="py-lineno">211</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">keyword</tt> <tt class="py-keyword">in</tt> <tt class="py-name">keywords</tt><tt class="py-op">.</tt><tt class="py-name">keys</tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L212"></a><tt class="py-lineno">212</tt>  <tt class="py-line">            <tt class="py-keyword">for</tt> <tt class="py-name">segment</tt> <tt class="py-keyword">in</tt> <tt class="py-name">segments</tt><tt class="py-op">:</tt> </tt>
<a name="L213"></a><tt class="py-lineno">213</tt>  <tt class="py-line">                <tt class="py-name">crypt_results</tt><tt class="py-op">.</tt><tt class="py-name">extend</tt><tt class="py-op">(</tt><tt class="py-op">[</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-53" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-53', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt><tt class="py-op">(</tt><tt class="py-name">segment</tt><tt class="py-op">.</tt><tt class="py-name">start_ea</tt> <tt class="py-op">+</tt> <tt class="py-name">match</tt><tt class="py-op">.</tt><tt class="py-name">start</tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">,</tt> \ </tt>
<a name="L214"></a><tt class="py-lineno">214</tt>  <tt class="py-line">                    <tt class="py-name">keywords</tt><tt class="py-op">[</tt><tt class="py-name">keyword</tt><tt class="py-op">]</tt><tt class="py-op">,</tt> <tt class="py-name">keyword</tt><tt class="py-op">)</tt> <tt class="py-keyword">for</tt> <tt class="py-name">match</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">re</tt><tt class="py-op">.</tt><tt class="py-name">finditer</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">re</tt><tt class="py-op">.</tt><tt class="py-name">escape</tt><tt class="py-op">(</tt><tt class="py-name">keyword</tt><tt class="py-op">)</tt><tt class="py-op">,</tt> <tt class="py-name">segment</tt><tt class="py-op">.</tt><tt id="link-54" class="py-name"><a title="IDAscope.idascope.data" class="py-name" href="#" onclick="return doclink('link-54', 'data', 'link-49');">data</a></tt><tt class="py-op">)</tt><tt class="py-op">]</tt><tt class="py-op">)</tt> </tt>
<a name="L215"></a><tt class="py-lineno">215</tt>  <tt class="py-line">        <tt class="py-keyword">print</tt> <tt class="py-op">(</tt><tt class="py-string">"Full matching took %3.2f seconds and resulted in %d hits"</tt> <tt class="py-op">%</tt> <tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">.</tt><tt class="py-name">time</tt><tt class="py-op">(</tt><tt class="py-op">)</tt> <tt class="py-op">-</tt> <tt class="py-name">time_before_matching</tt><tt class="py-op">,</tt> \ </tt>
<a name="L216"></a><tt class="py-lineno">216</tt>  <tt class="py-line">            <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">crypt_results</tt><tt class="py-op">)</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L217"></a><tt class="py-lineno">217</tt>  <tt class="py-line">        <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">signature_hits</tt> <tt class="py-op">=</tt> <tt class="py-name">crypt_results</tt> </tt>
<a name="L218"></a><tt class="py-lineno">218</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">crypt_results</tt> </tt>
</div><a name="L219"></a><tt class="py-lineno">219</tt>  <tt class="py-line"> </tt>
<!--
  Review note, get_signature_length(self, signature_name):
  Iterates self.pm.signatures.items() and returns len(item[0]) for the first pair whose
  second element equals signature_name, so the mapping is read as pattern to name and the
  lookup is a linear search on every call.
  An unknown name returns 0 instead of raising. get_signature_hits multiplies this value by
  match_filter_factor, so a name that is not found contributes a threshold of 0 there.
--><a name="CryptoIdentifier.get_signature_length"></a><div id="CryptoIdentifier.get_signature_length-def"><a name="L220"></a><tt class="py-lineno">220</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_signature_length-toggle" onclick="return toggle('CryptoIdentifier.get_signature_length');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_signature_length">get_signature_length</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">signature_name</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_signature_length-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_signature_length-expanded"><a name="L221"></a><tt class="py-lineno">221</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L222"></a><tt class="py-lineno">222</tt>  <tt class="py-line"><tt class="py-docstring">        returns the length for a signature, identified by its name</tt> </tt>
<a name="L223"></a><tt class="py-lineno">223</tt>  <tt class="py-line"><tt class="py-docstring">        @param signature_name: name for a signature, e.g. "ADLER 32"</tt> </tt>
<a name="L224"></a><tt class="py-lineno">224</tt>  <tt class="py-line"><tt class="py-docstring">        @type signature_name: str</tt> </tt>
<a name="L225"></a><tt class="py-lineno">225</tt>  <tt class="py-line"><tt class="py-docstring">        @return: (int) length of the signature.</tt> </tt>
<a name="L226"></a><tt class="py-lineno">226</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L227"></a><tt class="py-lineno">227</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">item</tt> <tt class="py-keyword">in</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">pm</tt><tt class="py-op">.</tt><tt id="link-55" class="py-name"><a title="IDAscope.idascope.core.PatternManager.PatternManager.signatures" class="py-name" href="#" onclick="return doclink('link-55', 'signatures', 'link-51');">signatures</a></tt><tt class="py-op">.</tt><tt class="py-name">items</tt><tt class="py-op">(</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L228"></a><tt class="py-lineno">228</tt>  <tt class="py-line">            <tt class="py-keyword">if</tt> <tt class="py-name">item</tt><tt class="py-op">[</tt><tt class="py-number">1</tt><tt class="py-op">]</tt> <tt class="py-op">==</tt> <tt class="py-name">signature_name</tt><tt class="py-op">:</tt> </tt>
<a name="L229"></a><tt class="py-lineno">229</tt>  <tt class="py-line">                <tt class="py-keyword">return</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">item</tt><tt class="py-op">[</tt><tt class="py-number">0</tt><tt class="py-op">]</tt><tt class="py-op">)</tt> </tt>
<a name="L230"></a><tt class="py-lineno">230</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-number">0</tt> </tt>
</div><a name="L231"></a><tt class="py-lineno">231</tt>  <tt class="py-line"> </tt>
<!--
  Review note, get_xrefs_to_address(self, address):
  Collects (address, flag) tuples from two sources. First, PrevHead(address, address - 14)
  is queried and, when the result is not 0xFFFFFFFF and its flags are code, that head is
  added with True. Second, every XrefsTo(address) source whose flags are code is added
  with False.
  NOTE(review): 0xFFFFFFFF is presumably the 32-bit "no address" value of the IDA API. On a
  64-bit database the sentinel may differ, in which case this guard would not filter a
  failed lookup. Confirm against IdaProxy, and compare with its BADADDR constant if one is
  exposed. The source does not explain the 14-byte search window.
--><a name="CryptoIdentifier.get_xrefs_to_address"></a><div id="CryptoIdentifier.get_xrefs_to_address-def"><a name="L232"></a><tt class="py-lineno">232</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_xrefs_to_address-toggle" onclick="return toggle('CryptoIdentifier.get_xrefs_to_address');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_xrefs_to_address">get_xrefs_to_address</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">,</tt> <tt class="py-param">address</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_xrefs_to_address-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_xrefs_to_address-expanded"><a name="L233"></a><tt class="py-lineno">233</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L234"></a><tt class="py-lineno">234</tt>  <tt class="py-line"><tt class="py-docstring">        get all references to a certain address.</tt> </tt>
<a name="L235"></a><tt class="py-lineno">235</tt>  <tt class="py-line"><tt class="py-docstring">        These are no xrefs in IDA sense but references to the crypto signatures.</tt> </tt>
<a name="L236"></a><tt class="py-lineno">236</tt>  <tt class="py-line"><tt class="py-docstring">        If the signature points to an instruction, e.g. if a constant is moved to a register, the return is flagged as</tt> </tt>
<a name="L237"></a><tt class="py-lineno">237</tt>  <tt class="py-line"><tt class="py-docstring">        "True", meaning it is an in-code reference.</tt> </tt>
<a name="L238"></a><tt class="py-lineno">238</tt>  <tt class="py-line"><tt class="py-docstring">        @param address: an arbitrary address</tt> </tt>
<a name="L239"></a><tt class="py-lineno">239</tt>  <tt class="py-line"><tt class="py-docstring">        @type address: int</tt> </tt>
<a name="L240"></a><tt class="py-lineno">240</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a list of tuples (int, boolean)</tt> </tt>
<a name="L241"></a><tt class="py-lineno">241</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L242"></a><tt class="py-lineno">242</tt>  <tt class="py-line">        <tt class="py-name">xrefs</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L243"></a><tt class="py-lineno">243</tt>  <tt class="py-line">        <tt class="py-name">head_to_address</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-56" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.PrevHead()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#PrevHead"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.PrevHead" class="py-name" href="#" onclick="return doclink('link-56', 'PrevHead', 'link-56');">PrevHead</a></tt><tt class="py-op">(</tt><tt class="py-name">address</tt><tt class="py-op">,</tt> <tt class="py-name">address</tt> <tt class="py-op">-</tt> <tt class="py-number">14</tt><tt class="py-op">)</tt> </tt>
<a name="L244"></a><tt class="py-lineno">244</tt>  <tt class="py-line">        <tt class="py-keyword">if</tt> <tt class="py-name">head_to_address</tt> <tt class="py-op">!=</tt> <tt class="py-number">0xFFFFFFFF</tt><tt class="py-op">:</tt> </tt>
<a name="L245"></a><tt class="py-lineno">245</tt>  <tt class="py-line">            <tt id="link-57" class="py-name" targets="Variable IDAscope.IDAscope.IDAscopePlugin.flags=IDAscope.IDAscope.IDAscopePlugin-class.html#flags"><a title="IDAscope.IDAscope.IDAscopePlugin.flags" class="py-name" href="#" onclick="return doclink('link-57', 'flags', 'link-57');">flags</a></tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-58" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetFlags" class="py-name" href="#" onclick="return doclink('link-58', 'GetFlags', 'link-35');">GetFlags</a></tt><tt class="py-op">(</tt><tt class="py-name">head_to_address</tt><tt class="py-op">)</tt> </tt>
<a name="L246"></a><tt class="py-lineno">246</tt>  <tt class="py-line">            <tt class="py-keyword">if</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-59" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.isCode" class="py-name" href="#" onclick="return doclink('link-59', 'isCode', 'link-34');">isCode</a></tt><tt class="py-op">(</tt><tt id="link-60" class="py-name"><a title="IDAscope.IDAscope.IDAscopePlugin.flags" class="py-name" href="#" onclick="return doclink('link-60', 'flags', 'link-57');">flags</a></tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L247"></a><tt class="py-lineno">247</tt>  <tt class="py-line">                <tt class="py-name">xrefs</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-op">(</tt><tt class="py-name">head_to_address</tt><tt class="py-op">,</tt> <tt class="py-name">True</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L248"></a><tt class="py-lineno">248</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">x</tt> <tt class="py-keyword">in</tt>  <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-61" class="py-name" targets="Method IDAscope.idascope.core.IdaProxy.IdaProxy.XrefsTo()=IDAscope.idascope.core.IdaProxy.IdaProxy-class.html#XrefsTo"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.XrefsTo" class="py-name" href="#" onclick="return doclink('link-61', 'XrefsTo', 'link-61');">XrefsTo</a></tt><tt class="py-op">(</tt><tt class="py-name">address</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L249"></a><tt class="py-lineno">249</tt>  <tt class="py-line">            <tt id="link-62" class="py-name"><a title="IDAscope.IDAscope.IDAscopePlugin.flags" class="py-name" href="#" onclick="return doclink('link-62', 'flags', 'link-57');">flags</a></tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-63" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.GetFlags" class="py-name" href="#" onclick="return doclink('link-63', 'GetFlags', 'link-35');">GetFlags</a></tt><tt class="py-op">(</tt><tt class="py-name">x</tt><tt class="py-op">.</tt><tt class="py-name">frm</tt><tt class="py-op">)</tt> </tt>
<a name="L250"></a><tt class="py-lineno">250</tt>  <tt class="py-line">            <tt class="py-keyword">if</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">ida_proxy</tt><tt class="py-op">.</tt><tt id="link-64" class="py-name"><a title="IDAscope.idascope.core.IdaProxy.IdaProxy.isCode" class="py-name" href="#" onclick="return doclink('link-64', 'isCode', 'link-34');">isCode</a></tt><tt class="py-op">(</tt><tt id="link-65" class="py-name"><a title="IDAscope.IDAscope.IDAscopePlugin.flags" class="py-name" href="#" onclick="return doclink('link-65', 'flags', 'link-57');">flags</a></tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L251"></a><tt class="py-lineno">251</tt>  <tt class="py-line">                <tt class="py-name">xrefs</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-op">(</tt><tt class="py-name">x</tt><tt class="py-op">.</tt><tt class="py-name">frm</tt><tt class="py-op">,</tt> <tt class="py-name">False</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L252"></a><tt class="py-lineno">252</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">xrefs</tt> </tt>
</div><a name="L253"></a><tt class="py-lineno">253</tt>  <tt class="py-line"> </tt>
<!--
  Review note, get_signature_hits(self):
  Three passes over self.signature_hits.
  (1) Hits are sorted and merged. A hit that shares a signature name with the running name
      set and starts exactly where the previous unified hit ends is appended to that hit,
      and the names are narrowed to the intersection. Any other hit starts a new
      CryptoSignatureHit.
  (2) A unified hit is kept when the length of its matched_signature is at least the
      largest value of match_filter_factor * get_signature_length(name) over its names.
      Kept hits get code_refs_to from get_xrefs_to_address(hit.start_address).
  (3) Kept hits are grouped into a dictionary keyed by signature name.
  NOTE(review): the merge presumably expects sorted() to order hits by ascending start
  address; the comparison defined by CryptoSignatureHit is not shown here, so confirm it.
  max() raises ValueError if a hit has an empty signature_names list. The docstring says
  "percent", but the factor is applied as a plain multiplier.
--><a name="CryptoIdentifier.get_signature_hits"></a><div id="CryptoIdentifier.get_signature_hits-def"><a name="L254"></a><tt class="py-lineno">254</tt> <a class="py-toggle" href="#" id="CryptoIdentifier.get_signature_hits-toggle" onclick="return toggle('CryptoIdentifier.get_signature_hits');">-</a><tt class="py-line">    <tt class="py-keyword">def</tt> <a class="py-def-name" href="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_signature_hits">get_signature_hits</a><tt class="py-op">(</tt><tt class="py-param">self</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
</div><div id="CryptoIdentifier.get_signature_hits-collapsed" style="display:none;" pad="+++" indent="++++++++"></div><div id="CryptoIdentifier.get_signature_hits-expanded"><a name="L255"></a><tt class="py-lineno">255</tt>  <tt class="py-line">        <tt class="py-docstring">"""</tt> </tt>
<a name="L256"></a><tt class="py-lineno">256</tt>  <tt class="py-line"><tt class="py-docstring">        Get all signature hits that have a length of at least match_filter_factor percent</tt> </tt>
<a name="L257"></a><tt class="py-lineno">257</tt>  <tt class="py-line"><tt class="py-docstring">        of the signature they triggered.</tt> </tt>
<a name="L258"></a><tt class="py-lineno">258</tt>  <tt class="py-line"><tt class="py-docstring">        Hits are grouped by signature names.</tt> </tt>
<a name="L259"></a><tt class="py-lineno">259</tt>  <tt class="py-line"><tt class="py-docstring">        @return: a dictionary  with key/value entries of the following form: ("signature name", [CryptoSignatureHit])</tt> </tt>
<a name="L260"></a><tt class="py-lineno">260</tt>  <tt class="py-line"><tt class="py-docstring">        """</tt> </tt>
<a name="L261"></a><tt class="py-lineno">261</tt>  <tt class="py-line">        <tt class="py-name">sorted_hits</tt> <tt class="py-op">=</tt> <tt class="py-name">sorted</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">signature_hits</tt><tt class="py-op">)</tt> </tt>
<a name="L262"></a><tt class="py-lineno">262</tt>  <tt class="py-line">        <tt class="py-name">unified_hits</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L263"></a><tt class="py-lineno">263</tt>  <tt class="py-line"> </tt>
<a name="L264"></a><tt class="py-lineno">264</tt>  <tt class="py-line">        <tt class="py-name">previous_signature_names</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L265"></a><tt class="py-lineno">265</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">hit</tt> <tt class="py-keyword">in</tt> <tt class="py-name">sorted_hits</tt><tt class="py-op">:</tt> </tt>
<a name="L266"></a><tt class="py-lineno">266</tt>  <tt class="py-line">            <tt class="py-name">hit_intersection</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-name">element</tt> <tt class="py-keyword">for</tt> <tt class="py-name">element</tt> <tt class="py-keyword">in</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt> <tt class="py-keyword">if</tt> <tt class="py-name">element</tt> <tt class="py-keyword">in</tt> <tt class="py-name">previous_signature_names</tt><tt class="py-op">]</tt> </tt>
<a name="L267"></a><tt class="py-lineno">267</tt>  <tt class="py-line">            <tt class="py-keyword">if</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">hit_intersection</tt><tt class="py-op">)</tt> <tt class="py-op">==</tt> <tt class="py-number">0</tt><tt class="py-op">:</tt> </tt>
<a name="L268"></a><tt class="py-lineno">268</tt>  <tt class="py-line">                <tt class="py-name">previous_signature_names</tt> <tt class="py-op">=</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt> </tt>
<a name="L269"></a><tt class="py-lineno">269</tt>  <tt class="py-line">                <tt class="py-name">unified_hits</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-66" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-66', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">start_address</tt><tt class="py-op">,</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt><tt class="py-op">,</tt> \ </tt>
<a name="L270"></a><tt class="py-lineno">270</tt>  <tt class="py-line">                    <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L271"></a><tt class="py-lineno">271</tt>  <tt class="py-line">            <tt class="py-keyword">else</tt><tt class="py-op">:</tt> </tt>
<a name="L272"></a><tt class="py-lineno">272</tt>  <tt class="py-line">                <tt class="py-name">previous_signature_names</tt> <tt class="py-op">=</tt> <tt class="py-name">hit_intersection</tt> </tt>
<a name="L273"></a><tt class="py-lineno">273</tt>  <tt class="py-line">                <tt class="py-name">previous_hit</tt> <tt class="py-op">=</tt> <tt class="py-name">unified_hits</tt><tt class="py-op">[</tt><tt class="py-op">-</tt><tt class="py-number">1</tt><tt class="py-op">]</tt> </tt>
<a name="L274"></a><tt class="py-lineno">274</tt>  <tt class="py-line">                <tt class="py-keyword">if</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">start_address</tt> <tt class="py-op">==</tt> <tt class="py-name">previous_hit</tt><tt class="py-op">.</tt><tt class="py-name">start_address</tt> <tt class="py-op">+</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">previous_hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L275"></a><tt class="py-lineno">275</tt>  <tt class="py-line">                    <tt class="py-name">previous_hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt> <tt class="py-op">+=</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt> </tt>
<a name="L276"></a><tt class="py-lineno">276</tt>  <tt class="py-line">                    <tt class="py-name">previous_hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt> <tt class="py-op">=</tt> <tt class="py-name">hit_intersection</tt> </tt>
<a name="L277"></a><tt class="py-lineno">277</tt>  <tt class="py-line">                <tt class="py-keyword">else</tt><tt class="py-op">:</tt> </tt>
<a name="L278"></a><tt class="py-lineno">278</tt>  <tt class="py-line">                    <tt class="py-name">unified_hits</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-67" class="py-name"><a title="IDAscope.idascope.core.structures.CryptoSignatureHit
IDAscope.idascope.core.structures.CryptoSignatureHit.CryptoSignatureHit" class="py-name" href="#" onclick="return doclink('link-67', 'CryptoSignatureHit', 'link-17');">CryptoSignatureHit</a></tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">start_address</tt><tt class="py-op">,</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt><tt class="py-op">,</tt> \ </tt>
<a name="L279"></a><tt class="py-lineno">279</tt>  <tt class="py-line">                        <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt><tt class="py-op">)</tt><tt class="py-op">)</tt> </tt>
<a name="L280"></a><tt class="py-lineno">280</tt>  <tt class="py-line"> </tt>
<a name="L281"></a><tt class="py-lineno">281</tt>  <tt class="py-line">        <tt class="py-name">filtered_hits</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-op">]</tt> </tt>
<a name="L282"></a><tt class="py-lineno">282</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">hit</tt> <tt class="py-keyword">in</tt> <tt class="py-name">unified_hits</tt><tt class="py-op">:</tt> </tt>
<a name="L283"></a><tt class="py-lineno">283</tt>  <tt class="py-line">            <tt class="py-keyword">if</tt> <tt class="py-name">len</tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">matched_signature</tt><tt class="py-op">)</tt> <tt class="py-op">&gt;=</tt> <tt class="py-name">max</tt><tt class="py-op">(</tt><tt class="py-op">[</tt><tt class="py-name">self</tt><tt class="py-op">.</tt><tt class="py-name">match_filter_factor</tt> <tt class="py-op">*</tt> \ </tt>
<a name="L284"></a><tt class="py-lineno">284</tt>  <tt class="py-line">                <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-68" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_signature_length()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_signature_length"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_signature_length" class="py-name" href="#" onclick="return doclink('link-68', 'get_signature_length', 'link-68');">get_signature_length</a></tt><tt class="py-op">(</tt><tt class="py-name">name</tt><tt class="py-op">)</tt> <tt class="py-keyword">for</tt> <tt class="py-name">name</tt> <tt class="py-keyword">in</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt><tt class="py-op">]</tt><tt class="py-op">)</tt><tt class="py-op">:</tt> </tt>
<a name="L285"></a><tt class="py-lineno">285</tt>  <tt class="py-line">                <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">code_refs_to</tt> <tt class="py-op">=</tt> <tt class="py-name">self</tt><tt class="py-op">.</tt><tt id="link-69" class="py-name" targets="Method IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_xrefs_to_address()=IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier-class.html#get_xrefs_to_address"><a title="IDAscope.idascope.core.CryptoIdentifier.CryptoIdentifier.get_xrefs_to_address" class="py-name" href="#" onclick="return doclink('link-69', 'get_xrefs_to_address', 'link-69');">get_xrefs_to_address</a></tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">start_address</tt><tt class="py-op">)</tt> </tt>
<a name="L286"></a><tt class="py-lineno">286</tt>  <tt class="py-line">                <tt class="py-name">filtered_hits</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">)</tt> </tt>
<a name="L287"></a><tt class="py-lineno">287</tt>  <tt class="py-line"> </tt>
<a name="L288"></a><tt class="py-lineno">288</tt>  <tt class="py-line">        <tt class="py-name">grouped_hits</tt> <tt class="py-op">=</tt> <tt class="py-op">{</tt><tt class="py-op">}</tt> </tt>
<a name="L289"></a><tt class="py-lineno">289</tt>  <tt class="py-line">        <tt class="py-keyword">for</tt> <tt class="py-name">hit</tt> <tt class="py-keyword">in</tt> <tt class="py-name">filtered_hits</tt><tt class="py-op">:</tt> </tt>
<a name="L290"></a><tt class="py-lineno">290</tt>  <tt class="py-line">            <tt class="py-keyword">for</tt> <tt class="py-name">name</tt> <tt class="py-keyword">in</tt> <tt class="py-name">hit</tt><tt class="py-op">.</tt><tt class="py-name">signature_names</tt><tt class="py-op">:</tt> </tt>
<a name="L291"></a><tt class="py-lineno">291</tt>  <tt class="py-line">                <tt class="py-keyword">if</tt> <tt class="py-name">name</tt> <tt class="py-keyword">not</tt> <tt class="py-keyword">in</tt> <tt class="py-name">grouped_hits</tt><tt class="py-op">:</tt> </tt>
<a name="L292"></a><tt class="py-lineno">292</tt>  <tt class="py-line">                    <tt class="py-name">grouped_hits</tt><tt class="py-op">[</tt><tt class="py-name">name</tt><tt class="py-op">]</tt> <tt class="py-op">=</tt> <tt class="py-op">[</tt><tt class="py-name">hit</tt><tt class="py-op">]</tt> </tt>
<a name="L293"></a><tt class="py-lineno">293</tt>  <tt class="py-line">                <tt class="py-keyword">else</tt><tt class="py-op">:</tt> </tt>
<a name="L294"></a><tt class="py-lineno">294</tt>  <tt class="py-line">                    <tt class="py-name">grouped_hits</tt><tt class="py-op">[</tt><tt class="py-name">name</tt><tt class="py-op">]</tt><tt class="py-op">.</tt><tt class="py-name">append</tt><tt class="py-op">(</tt><tt class="py-name">hit</tt><tt class="py-op">)</tt> </tt>
<a name="L295"></a><tt class="py-lineno">295</tt>  <tt class="py-line"> </tt>
<a name="L296"></a><tt class="py-lineno">296</tt>  <tt class="py-line">        <tt class="py-keyword">return</tt> <tt class="py-name">grouped_hits</tt> </tt>
</div></div><a name="L297"></a><tt class="py-lineno">297</tt>  <tt class="py-line"> </tt><script type="text/javascript">
<!--
expandto(location.href);
// -->
</script>
</pre>
<br />
<!-- Navigation bar: links to the other generated documentation pages -->
<table class="navbar" border="0" width="100%" cellpadding="0" bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
    <!-- "Home" points at IDAscope-module.html -->
    <th>&nbsp;&nbsp;&nbsp;<a href="IDAscope-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

    <!-- "Trees" points at module-tree.html -->
    <th>&nbsp;&nbsp;&nbsp;<a href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

    <!-- "Indices" points at identifier-index.html -->
    <th>&nbsp;&nbsp;&nbsp;<a href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

    <!-- "Help" points at help.html -->
    <th>&nbsp;&nbsp;&nbsp;<a href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

    <!-- Empty cell with width 100% after the link cells -->
    <th class="navbar" width="100%"></th>
  </tr>
</table>
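<!-- Footer: generator stamp on the left, link to the Epydoc site on the right.
     The width attribute previously read "100%%" (doubled percent sign, not a
     valid length); it is corrected to "100%" here. -->
<table border="0" cellpadding="0" cellspacing="0" width="100%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Mon Sep 17 13:18:34 2012
    </td>
    <td align="right" class="footer">
      <!-- NOTE(review): this external link uses plain http and loads into the
           frame named "mainFrame"; prefer an https URL if the site serves one. -->
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>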

<script type="text/javascript">
  <!--
  // Private objects are visible in the markup as delivered, so the
  // page still shows them when JavaScript is turned off. With
  // JavaScript on, the intended default is to hide them unless a
  // cookie says to show them; checkCookie() is called to apply that.
  // NOTE(review): checkCookie() is defined elsewhere, not in this
  // part of the file; confirm its cookie handling there.
  checkCookie();
  // -->
</script>
</body>
</html>