Re: [radare] binparser search engine

Sun, 08 Apr 2007 10:45:28 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An example :

[0x00000000000000]> %MASK[0] ff 00 ff ff
%MASK[0]='ff 00 ff ff'

[0x00000000000000]> / [A-Z]CEC

0x00000040 'hit0[0]'
ECEC\xa4h\x0b\x8c\xa4h\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

0x00023440 'hit0[1]'
[EMAIL PROTECTED]@[EMAIL PROTECTED]
\x9e\xe5\x00\x00R\xe3\x000\x94\x05\x18 \x93\x05\x000\x94\xe5\x00
\x8e\x05\x1c0\x93\xe5\x020C\xe0\x01\x00S\xe1

0x00023794 'hit0[2]'
ECEC\x00r\x04\x8ct\x0c\x04\x8cSRPXh\x0c\x04\x8c\xf0C-\xe9\xe7\xdfM\xe2\xb83\x9f\xe5\x00
\xa0\xe3\x04
\x8d\xe5\x00P\x93\xe5\x01\x00u\xe3\x000\xa0\x03\x1b\x00\x00\x0a 0\x95\xe5

0x0003A34F 'hit0[3]' [EMAIL PROTECTED]:
0x\x00\x00\x00AT-Command Interpreter ready\x00\x00\x00

0x0003A35D 'hit0[4]' CHECKSUM: 0x\x00\x00\x00AT-Command Interpreter
ready\x00\x00\x00\x00\x00 \x00\xac ^\x04\x8c ^\x04\x8c\x1f
[0x00000000000000]>


esteve espuna wrote:
> And the git-diff which might be easier to follow... :
> 
> 
> diff --git a/src/binparse.c b/src/binparse.c
> index bea4507..73bf959 100644
> --- a/src/binparse.c
> +++ b/src/binparse.c
> @@ -118,9 +118,10 @@ void print_tok_list(tokenlist* toklist)
> 
>       printf ("TOKLIST %s:\n",toklist->name);
>       for (i=0; i<toklist->numtok; i++)
> -             printf ("TOK : %c , range : %d \n",
> +             printf ("TOK : %c , range : %d mask : %x\n",
>                       toklist->tl[i].mintok,
> -                     toklist->tl[i].range);
> +                     toklist->tl[i].range,
> +                     toklist->tl[i].mask);
>       NEWLINE;
>       printf ("\n");
>  }
> @@ -301,6 +302,43 @@ tokenizer* binparse_new_from_file(char *
>       return tll ;
>  }
> 
> +int binparse_get_mask_list ( char* mask , char* maskout )
> +{
> +     int i,j,k ;
> +     char num [3];
> +
> +     num[2] = 0;
> +
> +     i = 0;  j = 0;  k = 0;
> +     while ( mask[i] != 0 )
> +     {
> +             if ( mask[i] != ' ' ) {
> +                     num[j] = mask[i];
> +                     j++;
> +             }
> +             i++;
> +             if ( j == 2 )
> +             {
> +                     sscanf ( num, "%x", &maskout[k] );
> +                     k++;
> +                     j = 0;
> +             }
> +
> +     }
> +
> +     return k;
> +}
> +void binparse_apply_mask (char * maskout, int masklen , token* tlist ,
> int ntok)
> +{    
> +     int i;
> +     for  ( i = 0; i < ntok ; i ++ )
> +     {
> +             tlist[i].mask = maskout[i%masklen];
> +
> +     }
> +
> +
> +}
>  static tokenlist *binparse_token_mask(char *name, char *token, char *mask)
>  {
>       tokenlist *tls;
> @@ -308,6 +346,8 @@ static tokenlist *binparse_token_mask(ch
>       void *tlist = 0;
>       int ntok = 0;
>       int len;
> +     int masklen;
> +     char maskout[300];
> 
>       tls = malloc(sizeof( tokenlist )) ;
>       // TODO mask not yet done
> @@ -320,7 +360,16 @@ static tokenlist *binparse_token_mask(ch
>       tls->lastpos = 0;
>       tls->estat = 0;
>       strcpy ( tls->name , name ); // XXX bof here!
> +     
> +     if ( mask == NULL )
> +     {
> +             mask = "ff" ;
> +     }
> +
> +     masklen = binparse_get_mask_list ( mask , maskout );
> +     binparse_apply_mask ( maskout, masklen , tlist , ntok ) ;
> 
> +     //print_tok_list ( tls ) ;
>       return tls;
>  }
> 
> @@ -341,17 +390,32 @@ int binparse_add(tokenizer *t, char *str
> 
>  void update_tlist(tokenizer* t, unsigned char inchar, off_t where )
>  {
> -     int cmin;
> -     int cmax;
> +     unsigned char cmin;
> +     unsigned char cmax;
> +     unsigned char cmask;
>       int i;
> 
>       for (i=0; i<t->nlists; i++ ) {
>               cmin = (t->tls[i]->tl[t->tls[i]->estat]).mintok;
> -             cmax = cmin + (t->tls[i]->tl[t->tls[i]->estat]).range;
> -     
> -             if ( (inchar >= cmin) && ( inchar <= cmax ) )
> -                     t->tls[i]->actp[t->tls[i]->estat++] = inchar;
> -             else    t->tls[i]->estat = 0;
> +
> +             if (  (t->tls[i]->tl[t->tls[i]->estat]).range > 0 )
> +             {
> +                     // RANGE
> +                     cmax = cmin + (t->tls[i]->tl[t->tls[i]->estat]).range;
> +             
> +                     if ( (inchar >= cmin) && ( inchar <= cmax ) )
> +                             t->tls[i]->actp[t->tls[i]->estat++] = inchar;
> +                     else    t->tls[i]->estat = 0;
> +             }
> +             else
> +             {
> +                     // 1 char
> +                     cmask = (t->tls[i]->tl[t->tls[i]->estat]).mask;
> +                     if (  (inchar&cmask) == (cmin&cmask)   )
> +                             t->tls[i]->actp[t->tls[i]->estat++] = inchar;
> +                     else    t->tls[i]->estat = 0;
> +
> +             }
> 
>               if ( t->tls[i]->estat == (t->tls[i]->numtok) ) {
>                       t->tls[i]->actp[t->tls[i]->estat+1] = 0 ;
> diff --git a/src/binparse.h b/src/binparse.h
> index ae8cfb4..2a666c0 100644
> --- a/src/binparse.h
> +++ b/src/binparse.h
> @@ -6,6 +6,7 @@
>  typedef struct _token {
>       unsigned char mintok;   //Token, or base
>       unsigned char range;    //0 nomes el mintok, ( maxtoken - mintoken )
> +     unsigned char mask;
>  } token;
> 
>  typedef struct _tokenlist {
> @@ -25,6 +26,7 @@ typedef struct _tokenizer {
> 
>  tokenizer* binparse_new();
>  tokenizer* binparse_new_from_file(char *file);
> +int binparse_get_mask_list ( char* mask , char* maskout );
>  int binparse_add_search(tokenizer *t, int id);
>  int binparser_free(tokenizer* ptokenizer);
>  void update_tlist( tokenizer*  ptok, unsigned char inchar, off_t where);
> @@ -36,5 +38,6 @@ tokenlist* get_tok_list(  char* line, in
>  tokenizer* build_tokenizer( char * file ) ;
>  void tokenize(int fd, tokenizer* ptok);
>  int binparse_add(tokenizer *t, char *string, char *mask);
> +void binparse_apply_mask (char * maskout, int masklen , token* tlist ,
> int ntok) ;
> 
>  #endif
> 
> 
> esteve espuna wrote:
> 
>>>Hi,
>>>
>>>Here is the new binparser which includes the mask. Needs more testing as
>>>I have just tried that it works... I have finally separated the range
>>>feature from the mask one, if range is defined then mask is not applied,
>>>as it is hard to tell the expected behaviour...
>>>
>>>
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: binparse.c
> Type: text/x-csrc
> Size: 9097 bytes
> Desc: not available
> Url :
> https://lists.nopcode.org/mailman/private/radare/attachments/20070408/9ca9df1f/attachment.c
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: binparse.h
> Type: text/x-chdr
> Size: 1278 bytes
> Desc: not available
> Url :
> https://lists.nopcode.org/mailman/private/radare/attachments/20070408/9ca9df1f/attachment.h
> 
> _______________________________________________
> radare mailing list
> [email protected]
> https://lists.nopcode.org/mailman/listinfo/radare
> 
_______________________________________________
radare mailing list
[email protected]
https://lists.nopcode.org/mailman/listinfo/radare

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFGGSoLHCkwMET/DRYRAnQgAJ4qELtRoWGvESsCmSBbrSCFkc9pSgCfSa/q
pNOsIjH00iwJ3n4SqXzgTDs=
=7g44
-----END PGP SIGNATURE-----
_______________________________________________
radare mailing list
[email protected]
https://lists.nopcode.org/mailman/listinfo/radare

Reply via email to