Example #1
0
bool compare_signature(unsigned char *data, QWORD ep_offset, FILE *dbfile, char *packer_name)
{
	char *buff = (char *) xmalloc(MAX_SIG_SIZE);
	size_t len;
	
	if (!dbfile || !data)
		return false;

	//memset(buff, 0, MAX_SIG_SIZE);
	while (fgets(buff, MAX_SIG_SIZE, dbfile))
	{
		// line length
		len = strlen(buff);
		
		// ifgore comments and blank lines
		if (*buff == ';' || *buff == '\n' || *buff == '\r')
			continue;
		
		// remove newline from buffer
		if (*(buff+len-1) == '\n')
			*(buff+len-1) = '\0';
		
		// removing carriage return, if present
		if (*(buff+len-2) == '\r')
		{
			*(buff+len-2) = '\0';
			//*(buff+len-1) = '\0';
			len--; // update line length
		}
		
		// line have [packer name]? Fill packer_name pointer
		if (*buff == '[' && *(buff+len-2) == ']')
		{
			*(buff+len-2) = '\0'; // remove square brackets
			strncpy(packer_name, buff+1, MAX_MSG);
		}
		
		// check if signature match
		if (!strncasecmp(buff, "signature", 9))
		{
			if (match_peid_signature(data + ep_offset, buff+9))
			{
				free(buff);
				return true;
			}
		}
	}
	packer_name = NULL;
	free(buff);
	return false;
}
Example #2
0
static bool compare_signature(const unsigned char *data, uint64_t ep_offset, FILE *dbfile, char *packer_name, size_t packer_name_len)
{
	if (!dbfile || !data)
		return false;

	char *buff = malloc_s(MAX_SIG_SIZE);

	//memset(buff, 0, MAX_SIG_SIZE);
	while (fgets(buff, MAX_SIG_SIZE, dbfile))
	{
		// line length
		size_t len = strlen(buff);

		// ifgore comments and blank lines
		if (*buff == ';' || *buff == '\n' || *buff == '\r')
			continue;

		// remove newline from buffer
		if (*(buff+len-1) == '\n')
			*(buff+len-1) = '\0';

		// removing carriage return, if present
		if (*(buff+len-2) == '\r')
		{
			*(buff+len-2) = '\0';
			//*(buff+len-1) = '\0';
			len--; // update line length
		}

		// line have [packer name]? Fill packer_name pointer
		if (*buff == '[' && *(buff+len-2) == ']')
		{
			*(buff+len-2) = '\0'; // remove square brackets
			strncpy(packer_name, buff+1, packer_name_len);
			packer_name[packer_name_len-1] = '\0'; // Guarantee it's Null-terminated.
		}

		// check if signature match
		if (!strncasecmp(buff, "signature", 9))
		{
			if (match_peid_signature(data + ep_offset, buff+9))
			{
				free(buff);
				return true;
			}
		}
	}
	free(buff);
	return false;
}