Source

simpliFiRE.IDAscope / documentation / epydoc / IDAscope.idascope.core.PatternManager.PatternManager-class.html

<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>IDAscope.idascope.core.PatternManager.PatternManager</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="IDAscope-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td width="100%">
      <span class="breadcrumbs">
        <a href="IDAscope-module.html">Package&nbsp;IDAscope</a> ::
        <a href="IDAscope.idascope-module.html">Package&nbsp;idascope</a> ::
        <a href="IDAscope.idascope.core-module.html">Package&nbsp;core</a> ::
        <a href="IDAscope.idascope.core.PatternManager-module.html">Module&nbsp;PatternManager</a> ::
        Class&nbsp;PatternManager
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
        <tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
    onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
        <tr><td align="right"><span class="options"
            >[<a href="frames.html" target="_top">frames</a
            >]&nbsp;|&nbsp;<a href="IDAscope.idascope.core.PatternManager.PatternManager-class.html"
            target="_top">no&nbsp;frames</a>]</span></td></tr>
      </table>
    </td>
  </tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class PatternManager</h1><p class="nomargin-top"><span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager">source&nbsp;code</a></span></p>
<p>This class stores patterns for crypto detection and allows 
  manipulations on them, such as tokenizing into certain bytes lengths in 
  order to increase detection robustness.</p>

<!-- ==================== INSTANCE METHODS ==================== -->
<a name="section-InstanceMethods"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Instance Methods</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-InstanceMethods"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a name="__init__"></a><span class="summary-sig-name">__init__</span>(<span class="summary-sig-arg">self</span>)</span></td>
          <td align="right" valign="top">
            <span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager.__init__">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="IDAscope.idascope.core.PatternManager.PatternManager-class.html#get_tokenized_signatures" class="summary-sig-name">get_tokenized_signatures</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">pattern_length</span>)</span><br />
      Get the full collection of signature, but with each signature 
      tokenized in byte-strings of maximum length pattern_length.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager.get_tokenized_signatures">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr class="private">
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="IDAscope.idascope.core.PatternManager.PatternManager-class.html#_is_zero_token" class="summary-sig-name" onclick="show_private();">_is_zero_token</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">token</span>)</span><br />
      Check if the given token consists only of zero bytes</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager._is_zero_token">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a name="print_signatures"></a><span class="summary-sig-name">print_signatures</span>(<span class="summary-sig-arg">self</span>)</span><br />
      Used for informational purposes only, prints all names of signatures 
      defined in the PatternManager</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager.print_signatures">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
</table>
<!-- ==================== CLASS VARIABLES ==================== -->
<a name="section-ClassVariables"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Class Variables</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-ClassVariables"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="IDAscope.idascope.core.PatternManager.PatternManager-class.html#signatures" class="summary-name">signatures</a> = <code title="{'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x\
01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x02\x00\
\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x\
00\x03\x00\x00\x00\x03\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x04\
\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x05\x00\x\
00\x00\x05\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00': 'zinflate_len\
gthExtraBits',
..."><code class="variable-group">{</code>'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0<code class="variable-ellipsis">...</code></code>
    </td>
  </tr>
</table>
<!-- ==================== METHOD DETAILS ==================== -->
<a name="section-MethodDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Method Details</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-MethodDetails"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
</table>
<a name="get_tokenized_signatures"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">get_tokenized_signatures</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">pattern_length</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager.get_tokenized_signatures">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Get the full collection of signature, but with each signature 
  tokenized in byte-strings of maximum length pattern_length. The storage 
  format is almost the same as the signature storage, a dictionary of 
  key/value (&quot;byte_signature&quot;, [&quot;signature_name&quot;])</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>pattern_length</code></strong> (int)</li>
    </ul></dd>
  </dl>
</td></tr></table>
</div>
<a name="_is_zero_token"></a>
<div class="private">
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">_is_zero_token</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">token</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="IDAscope.idascope.core.PatternManager-pysrc.html#PatternManager._is_zero_token">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Check if the given token consists only of zero bytes</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>token</code></strong> (str) - a token to check for zero bytes</li>
    </ul></dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== CLASS VARIABLE DETAILS ==================== -->
<a name="section-ClassVariableDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Class Variable Details</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-ClassVariableDetails"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
</table>
<a name="signatures"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <h3 class="epydoc">signatures</h3>
  
  <dl class="fields">
  </dl>
  <dl class="fields">
    <dt>Value:</dt>
      <dd><table><tr><td><pre class="variable">
<code class="variable-group">{</code>'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x02\x00<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
00\x03\x00\x00\x00\x03\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x04<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x05\x00\x<span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
00\x00\x05\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00'<code class="variable-op">: </code><code class="variable-quote">'</code><code class="variable-string">zinflate_len</code><span class="variable-linewrap"><img src="crarr.png" alt="\" /></span>
<code class="variable-string">gthExtraBits</code><code class="variable-quote">'</code><code class="variable-op">,</code>
<code class="variable-ellipsis">...</code>
</pre></td></tr></table>
</dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="IDAscope-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Mon Sep 17 13:18:34 2012
    </td>
    <td align="right" class="footer">
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>

<script type="text/javascript">
  <!--
  // Private objects are initially displayed (because if
  // javascript is turned off then we want them to be
  // visible); but by default, we want to hide them.  So hide
  // them unless we have a cookie that says to show them.
  checkCookie();
  // -->
</script>
</body>
</html>