Implemented computation of export hashes #321
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
metthal
requested changes
Jun 3, 2018
There was a problem hiding this comment.
Code doesn't look bad but spaces need to be replaced with tabs and few return by values can be replaced with return by const reference.
This PR is however incomplete. It is missing some files, for example I don't see any changes in src/fileformat/types/export_table but there should be since header is changed. Presentation to JSON is also missing.
| @@ -116,6 +116,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils | |||
| void loadStrings(StringType type, std::size_t charSize); | |||
| void loadStrings(StringType type, std::size_t charSize, const SecSeg* secSeg); | |||
| void loadImpHash(); | |||
| void loadExpHash(); | |||
| @@ -42,6 +42,7 @@ class Export | |||
|
|
|||
| /// @name Other methods | |||
| /// @{ | |||
| virtual bool isUsedForImphash() const; | |||
There was a problem hiding this comment.
Use tabs for indentation. Also, this method shouldn't be here.
| public: | ||
| ExportTable(); | ||
| ~ExportTable(); | ||
|
|
||
| /// @name Getters | ||
| /// @{ | ||
| std::size_t getNumberOfExports() const; | ||
| std::string getExphashCrc32() const; |
There was a problem hiding this comment.
This should probably return const std::string&.
| loadImports(); | ||
| loadExports(); | ||
|
|
||
| if(stateIsValid) |
| @@ -733,6 +734,8 @@ void PeFormat::loadExports() | |||
| exportTable->addExport(newExport); | |||
| } | |||
|
|
|||
| loadExpHash(); | |||
| @@ -26,7 +26,7 @@ namespace fileinfo { | |||
| FileDetector::FileDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : | |||
| fileInfo(finfo), cpParams(searchPar), fileConfig(nullptr), fileParser(nullptr), loaded(false), loadFlags(loadFlags) | |||
| { | |||
| fileInfo.setPathToFile(pathToInputFile); | |||
| fileInfo.setPathToFile(pathToInputFile); | |||
| @@ -37,8 +37,8 @@ const unsigned long long PE_16_FLAGS_SIZE = 16; | |||
| PeDetector::PeDetector(std::string pathToInputFile, FileInformation &finfo, retdec::cpdetect::DetectParams &searchPar, retdec::fileformat::LoadFlags loadFlags) : | |||
| FileDetector(pathToInputFile, finfo, searchPar, loadFlags) | |||
| { | |||
| fileParser = peParser = std::make_shared<PeWrapper>(fileInfo.getPathToFile(), loadFlags); | |||
| loaded = peParser->isInValidState(); | |||
| fileParser = peParser = std::make_shared<PeWrapper>(fileInfo.getPathToFile(), loadFlags); | |||
| @@ -179,6 +179,9 @@ class FileInformation | |||
| /// @name Getters of @a exportTable | |||
| /// @{ | |||
| std::size_t getNumberOfStoredExports() const; | |||
| std::string getExphashCrc32() const; | |||
| info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); | ||
|
|
||
| return info.size(); | ||
| desc.push_back("CRC32 : "); |
| info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); | ||
|
|
||
| return info.size(); | ||
| desc.push_back("crc32"); |
|
A few notes from me:
|
metthal
requested changes
Jun 5, 2018
There was a problem hiding this comment.
I've added my review notes and I also have two general notes to add:
- What about other file formats like ELF or Mach-O? I believe this kind of hash would come handy for us even for formats other than PE.
- Whenever we detect nonprintable characters in export name we replace its name with generic name
exported_function_<address>(at least on PE and Mach-O). This can potentially cause problems and generate same hash for two completely different files with export tables corrupted in the same way. I'll need to analyze this before I give you final decision. I'll get back to you soon.
| @@ -21,14 +21,20 @@ class ExportTable | |||
| { | |||
| private: | |||
| using exportsIterator = std::vector<Export>::const_iterator; | |||
| std::vector<Export> exports; ///< stored exports | |||
| std::vector<Export> exports; ///< stored exports | |||
There was a problem hiding this comment.
We use tabs only to indent code. If you want to add comments at the end of the line, align it with spaces please.
| info.push_back(numToStr(fileinfo.getNumberOfStoredExports())); | ||
| info.push_back(fileinfo.getImphashCrc32()); |
There was a problem hiding this comment.
This should be exphash, not imphash. Same for all three of them.
metthal
approved these changes
Jul 4, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#121
expHashes are calculated after the table gets sorted alphabetically. ordinals are not converted to names rather to form of "ord<ord_num>"